Last Call Review of draft-ietf-nfsv4-layout-types-03
review-ietf-nfsv4-layout-types-03-secdir-lc-salowey-2015-04-23-00

Request Review of draft-ietf-nfsv4-layout-types
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-04-16
Requested 2015-04-02
Other Reviews Genart Last Call review of -03 by Meral Shirazipour (diff)
Genart Telechat review of -03 by Meral Shirazipour (diff)
Opsdir Last Call review of -03 by Menachem Dodge (diff)
Genart Last Call review of -09 by Meral Shirazipour (diff)
Review State Completed
Reviewer Joseph Salowey
Review review-ietf-nfsv4-layout-types-03-secdir-lc-salowey-2015-04-23
Posted at https://www.ietf.org/mail-archive/web/secdir/current/msg05662.html
Reviewed rev. 03 (document currently at 13)
Review result Has Issues
Draft last updated 2015-04-23
Review completed: 2015-04-23

Review
review-ietf-nfsv4-layout-types-03-secdir-lc-salowey-2015-04-23

Do not be alarmed, this document review is part of the 

security directorate's 

ongoing effort to review all IETF documents being processed by the IESG.  These comments were written for the benefit of the document editors, WG chairs and the security area directors.  Document editors and WG chairs 

should treat these comments just l

ike any other last call comments.

I believe this document is ready with issues.  

The document discusses security requirements for pNFS layout types.  The document has significant discussions of security considerations, however I'm not sure its complete and I think it could be better organized.  The main places that need work are the security considerations section and the protocol requirements section.  

I'm not sure how best to break up the information between the security considerations and the rest of the document, but here are some suggestions.  

Security considerations - Different Layout types have significantly different security properties.  I think this should be emphasized in the security considerations section:

"Different layout types have significantly different security properties which need to be considered during their design and deployment.  For example, some layouts, such as the block layout type, can only enforce minimal security controls and require the client to be trusted to enforce additional access controls. "

The current security considerations section discusses fencing requirements.  Are there additional security considerations around the control protocol used to revoke access at the storage device?  It would seem that the integrity and availability of this channel is important.   Possibly the confidentiality of the channel is important as well.  

It would probably be a good idea to discuss the security requirements of the storage protocol as well. 

It would probably be a good idea to reference section 12.9 and 13.12 of RFC 5661.  

Are there cases where any contextual information needs to be communicated over the control channel (access control information perhaps)? 

This document does not include privacy considerations, but neither does RFC 5661, so I'm not sure it would be in scope.  

I'm new to NFSv4 and pNFS so if some of this isn't clear let me know and I can try to clarify.

Cheers,

Joe