
Shepherd writeup

1. Summary

This document provides for the encryption of RPC transactions using
opportunistic TLS, extending RFC 5531, for which the nfsv4 working group is
also responsible.  The Shepherd is David Noveck and the Responsible Area
Director is Magnus Westerlund.  The working group anticipates that this
document will be approved as a Proposed Standard, as is appropriate given that
RFC 5531, which it extends, is currently a Proposed Standard.

2. Review and Consensus

This document has the support of the working group and has had extensive
discussion and review within the working group, as well as considerable work
in the form of prototype implementations.  Although this document provides only
a necessary building block, there has already been discussion about developing
policies for protocols at the level above RPC (e.g., NFSv4) that might require
use of the mechanisms defined in this document to mitigate security weaknesses
in the handling of existing protocols for which the working group is
responsible.  These weaknesses include the very limited support for privacy,
which exposes much traffic to monitoring, and the pervasive acceptance of
requests using AUTH_SYS "authentication" from unauthenticated clients.

While the working group agrees that the approach taken here to improve RPC
security is an appropriate one, there have at times been worries about its
acceptability to the larger IETF community.  In particular, the fact that this
document seeks to limit the harm caused by use of AUTH_SYS (by providing
encryption and client authentication), as opposed to outlawing or otherwise
denigrating it, has led some to wonder whether the current approach, while
technically sound, would encounter resistance from those who felt otherwise.
For this reason a number of reviews by the Security Directorate were
scheduled; these found important issues, which have been addressed in the
current draft.  As to the continued use of AUTH_SYS within NFSv4, it is now
generally accepted that this is a decision to be made in another document and
that the building blocks provided in this document are a desirable precursor
to that later discussion.

3. Intellectual Property

Each author has confirmed conformance with BCP 78/79. There are no IPR
disclosures on the document.