On 4/30/12 11:32 PM, "Dave Quigley" <dpquigl@...> wrote:
>On 4/30/2012 2:55 AM, Spencer Shepler wrote:
>> We have completed the last call for the Labeled NFS.
>> While this is a short document and certainly has had a lot of feedback
>> over its lifetime, I do not believe this particular version is ready to
>> forward to our AD.
>> I need to have at least two reviewers for this version before I will
>> shepherd it forward. Given this is a requirements document and it deals
>> with security and it is providing a path for our NFSv4.2 work, I want it
>> to be ready for the broader IESG review.
>> Thanks in advance for the help.
>> nfsv4 mailing list
>> nfsv4@... >> https://www.ietf.org/mailman/listinfo/nfsv4 >
>Here are my comments come up with.
>This might be splitting hairs so I leave it up to others to decide but
>technically Windows Vista/Windows 7 does not provide mandatory access
>controls. They have a mandatory integrity model but not access controls.
>Their access control model is squarely in the DAC category.
Removed the technicality.
>Section 3.4 First paragraph
>The sentence "The opaque component consists of the label which will be
>interpreted by the MAC model on the other end...." That last part just
>reads weirdly to me. I'm not sure how to change it or if it needs to but
>reading over it several times it just doesn't read well to me.
- The opaque component consists of the label which will be
interpreted by the MAC
- model on the other end while the LFS provides a mechanism for
- structure and semantics of the label's components.
+ The LFS component provides a mechanism for identifying the
structure and semantics of the
+ opaque component. Meanwhile, the opaque component is the security
label which will
+ be interpreted by the MAC models.
>In modes of operation we don't describe what we use to refer to a dumb
>mode. We have guest mode in here but I don't read anything in the
>section which says that the server may provide labeling without
>enforcing a policy and the client may still enforce policy on its end.
>Maybe its late and I'm missing something but I tried reading it over and
>couldn't find anything which would enable the use case in section 4.5
>which is simple security label storage.
I think you want this section:
4.5. Simple security label storage
We also mention it in here:
3.9. Upgrading Existing Server
Do you want to pull it out of the Use Cases and into the modes?
>Section 4.7 with subsections
>It seems weird to have such a large section describing MLS semantics. It
>was important when it was one of two use cases but is it still
>necessary? I'm ok with leaving it in but it seems out of place that we
>have over a full page for that one use case while everything else gets
>two or three paragraphs.
It is the easiest for non-security people to understand?
>That is all I could find. Everything else is very polished and reads
>well. I'm glad we were able to put together such a good document.
>nfsv4 mailing list