Shepherd writeup
draft-ietf-nfsv4-rpc-tls-11

1. Summary

This document provides for the encryption of RPC transactions using opportunistic TLS,
extending RFC 5531, for which the nfsv4 working group is also responsible. The Shepherd
is David Noveck and the Responsible Area Director is Magnus Westerlund. The working group
anticipates that this document will be approved as a Proposed Standard, as is appropriate
given that RFC 5531, which it extends, is currently a Proposed Standard.

2. Review and Consensus

This document has the support of the working group and has had extensive discussion and
review within the working group, together with considerable work in the form of prototype
implementations. Although this document provides a necessary building block, there has
already been discussion about developing policies for protocols at the level above RPC
(e.g. NFSv4) that might require use of the mechanisms defined in this document to mitigate
security weaknesses in the handling of existing protocols for which the working group is
responsible. These weaknesses include the very limited support for privacy, which exposes
much traffic to monitoring, and the pervasive acceptance of requests using AUTH_SYS
"authentication" from unauthenticated clients.

While the working group agrees that the approach taken here to improve RPC security is an
appropriate one, there have at times been worries about its acceptability to the larger
IETF community. In particular, the fact that this document seeks to limit the harm caused
by use of AUTH_SYS (by providing encryption and client authentication), as opposed to
outlawing or otherwise denigrating it, has led some to wonder whether the current approach,
while technically sound, would encounter resistance from those who felt otherwise. For
this reason a number of reviews by the Security Directorate were scheduled; these found
important issues, which have been addressed in the current draft. As to the continued use
of AUTH_SYS within NFSv4, it is now generally accepted that this is a decision to be made
in another document and that the building blocks provided in this document are a desirable
precursor for the necessary later discussion.

3. Intellectual Property

Each author has confirmed conformance with BCP 78/79. There are no IPR disclosures on the
document.
