Last Call Review of draft-ietf-nfsv4-umask-03
review-ietf-nfsv4-umask-03-secdir-lc-hallam-baker-2017-05-26-00

Request Review of draft-ietf-nfsv4-umask
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-05-12
Requested 2017-04-28
Draft last updated 2017-05-26
Completed reviews Opsdir Last Call review of -03 by Zitao Wang (diff)
Secdir Last Call review of -03 by Phillip Hallam-Baker (diff)
Assignment Reviewer Phillip Hallam-Baker
State Completed
Review review-ietf-nfsv4-umask-03-secdir-lc-hallam-baker-2017-05-26
Reviewed rev. 03 (document currently at 05)
Review result Ready
Review completed: 2017-05-26

Review
Reviewer: Phillip Hallam-Baker

Review result: OK but...


I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: Review of draft-ietf-nfsv4-umask-03

This particular draft looks OK to me. Aligning the semantics of NFS with
the semantics of the file system seems to me to be absolutely the way to go
forward. I am not sufficiently experienced in the semantics of NFS or Unix
as deployed to be able to offer an opinion on whether the draft achieves
that. However, it appears that the author does.

What is problematic here is that the Security Considerations in the draft
are essentially relying on those in RFC7530 which are woefully inadequate
given the critical role of NFS in Internet security. They are not so much a
security plan as a collection of random thoughts jotted down in haphazard
fashion.

There is clearly no coherent model of what NFS security should achieve,
what the threats are, what controls are deployed to control them. Also note
that the main reason this review is late is that I have been dealing with
issues arising from WannaCry which used an SMB:1 exploit. Re-reading
RFC7530 in the light of that experience gives me grave concern.