IETF
 » 
IETF - nfsv4

 « Return to Thread: WG last call complete for Requirements for Labeled NFS (still needs review)

Re: WG last call complete for Requirements for Labeled NFS (still needs review)

by Haynes, Tom-2 :: Rate this Message:

| View in Thread



On 4/30/12 11:32 PM, "Dave Quigley" <dpquigl@...> wrote:

>On 4/30/2012 2:55 AM, Spencer Shepler wrote:
>> We have completed the last call for the Labeled NFS.
>>
>> While this is a short document and certainly has had a lot of feedback
>> over its lifetime, I do not believe this particular version is ready to
>> forward to our AD.
>>
>> I need to have at least two reviewers for this version before I will
>> shepherd it forward. Given this is a requirements document and it deals
>> with security and it is providing a path for our NFSv4.2 work, I want it
>> to be ready for the broader IESG review.
>>
>> Thanks in advance for the help.
>>
>> Spencer
>>
>>
>>
>> _______________________________________________
>> nfsv4 mailing list
>> nfsv4@...
>> https://www.ietf.org/mailman/listinfo/nfsv4
>
>Here are my comments come up with.
>
>Section 1
>
>This might be splitting hairs so I leave it up to others to decide but
>technically Windows Vista/Windows 7 does not provide mandatory access
>controls. They have a mandatory integrity model but not access controls.
>Their access control model is squarely in the DAC category.


Removed the technicality.

>
>Section 3.4 First paragraph
>
>The sentence "The opaque component consists of the label which will be
>interpreted by the MAC model on the other end...." That last part just
>reads weirdly to me. I'm not sure how to change it or if it needs to but
>reading over it several times it just doesn't read well to me.


-      The opaque component consists of the label which will be
interpreted by the MAC
-      model on the other end while the LFS provides a mechanism for
identifying the
-      structure and semantics of the label's components.

versus

+      The LFS component provides a mechanism for identifying the
structure and semantics of the
+      opaque component.  Meanwhile, the opaque component is the security
label which will
+      be interpreted by the MAC models.


>
>Section 3.5
>
>In modes of operation we don't describe what we use to refer to a dumb
>mode. We have guest mode in here but I don't read anything in the
>section which says that the server may provide labeling without
>enforcing a policy and the client may still enforce policy on its end.
>Maybe its late and I'm missing something but I tried reading it over and
>couldn't find anything which would enable the use case in section 4.5
>which is simple security label storage.


I think you want this section:

4.5.  Simple security label storage

We also mention it in here:


3.9.  Upgrading Existing Server


Do you want to pull it out of the Use Cases and into the modes?


>
>Section 4.7 with subsections
>
>It seems weird to have such a large section describing MLS semantics. It
>was important when it was one of two use cases but is it still
>necessary? I'm ok with leaving it in but it seems out of place that we
>have over a full page for that one use case while everything else gets
>two or three paragraphs.


It is the easiest for non-security people to understand?


>
>
>That is all I could find. Everything else is very polished and reads
>well. I'm glad we were able to put together such a good document.
>_______________________________________________
>nfsv4 mailing list
>nfsv4@...
>https://www.ietf.org/mailman/listinfo/nfsv4

_______________________________________________
nfsv4 mailing list
nfsv4@...
https://www.ietf.org/mailman/listinfo/nfsv4

 « Return to Thread: WG last call complete for Requirements for Labeled NFS (still needs review)

Free embeddable forum powered by Nabble Forum Help