Last Call Review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data-06
review-ietf-nfsv4-rpcrdma-cm-pvt-data-06-secdir-lc-sheffer-2020-01-26-00

Request Review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2020-01-27
Requested 2020-01-13
Authors Chuck Lever
Draft last updated 2020-01-26
Completed reviews Genart Last Call review of -06 by Suhas Nandakumar (diff)
Genart Last Call review of -06 by Suhas Nandakumar (diff)
Secdir Last Call review of -06 by Yaron Sheffer (diff)
Opsdir Last Call review of -06 by Niclas Comstedt (diff)
Opsdir Last Call review of -06 by Niclas Comstedt (diff)
Secdir Telechat review of -07 by Yaron Sheffer (diff)
Assignment Reviewer Yaron Sheffer
State Completed
Review review-ietf-nfsv4-rpcrdma-cm-pvt-data-06-secdir-lc-sheffer-2020-01-26
Posted at https://mailarchive.ietf.org/arch/msg/secdir/hY6OTDbplzp9uONAvEjkcfa-N4A
Reviewed rev. 06 (document currently at 08)
Review result Has Issues
Review completed: 2020-01-26

Review
review-ietf-nfsv4-rpcrdma-cm-pvt-data-06-secdir-lc-sheffer-2020-01-26

The document defines limited parameter negotiation for RPC-RDMAv1, using a private message sent over the underlying transport protocol (e.g., InfiniBand).

The document is clear enough, until it comes to the Security Considerations. As a newcomer to this domain, there are several points that I fail to understand:

- The CM Private Data described here is not one of the messages of the RPC-RDMA protocol. So how can it "inherit the security considerations of the protocols it extends," - where this refers to RPC-RDMA?

- The next paragraph explains that the integrity is ensured by use of RC QP (whatever that is). But there's no mention of this entity in RFC 8166, which is supposed to define the security for this protocol. (Or in RFC 5042, for that matter).

- I am usually suspicious of pre-2010 RFCs that recommend IPsec as a per-protocol solution (RFC 5042, Sec. 5.4.3). Is IPsec deployed in real life to protect these protocols, and if so, does it also protect the new CM Private Data?

- And then after saying that integrity protection is ensured, we say that even if integrity was compromised and the parameters were modified anyway, no problem, this would only result in "self imposed denial of service". Even if true for the currently negotiated parameters, this cannot be true for every conceivable parameter that may be added in the future.