Last Call Review of draft-ietf-nfsv4-scsi-layout-06
review-ietf-nfsv4-scsi-layout-06-secdir-lc-kent-2016-08-04-00

Request
Review of: draft-ietf-nfsv4-scsi-layout
Requested rev.: no specific revision (document currently at 10)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-07-12
Requested: 2016-06-30
Draft last updated: 2016-08-04
Completed reviews:
  Genart Last Call review of -06 by Joel Halpern
  Secdir Last Call review of -06 by Stephen Kent
  Opsdir Last Call review of -05 by Victor Kuarsingh

Assignment
Reviewer: Stephen Kent
State: Completed

Review
Review: review-ietf-nfsv4-scsi-layout-06-secdir-lc-kent-2016-08-04
Reviewed rev.: 06 (document currently at 10)
Review result: Ready
Review completed: 2016-08-04

Review

I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes the SCSI layout for Parallel NFS (RFC 5663). It appears to update that RFC (see the last paragraph on page 3), although the header does not indicate this.

In section 1 the text refers to a SCSI device “signature” but does not define this term.

Section 2.1 describes the security responsibilities for clients, and notes that the Security Considerations section (4) provides an expanded discussion. The bottom line is that SCSI layout pNFS is not recommended for use in contexts where clients cannot be trusted to enforce file access controls.

I did not review later parts of Section 2.

Section 3 reiterates the fact that SCSI layout pNFS relies on clients to enforce access controls and locks at a granularity finer than a device. For example, the architecture relies on client software to not try to access blocks on a device other than those to which the metadata server has granted access.

Sections 3.1 and 3.2 provide additional descriptions of the security assumptions and limitations associated with SCSI layout pNFS.

The Security Considerations section consists of two paragraphs. The first reminds the reader that NFS security mechanisms may not be available in the SCSI layout pNFS context, because it operates at a lower layer than NFS. This mode of operation for pNFS may be insecure, or may be afforded good security, depending on the underlying access protocols. iSCSI (RFC 7143) is cited as an example of the latter. The second paragraph reiterates the warnings that appeared earlier in the document, noting that this mode of pNFS is not suitable for all environments.

I think the discussions of security provided by this I-D are appropriate and clearly written.