Skip to main content

Last Call Review of draft-ietf-nfsv4-layoutwcc-04
review-ietf-nfsv4-layoutwcc-04-secdir-lc-schwartz-2024-10-31-00

Request Review of draft-ietf-nfsv4-layoutwcc
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-11-19
Requested 2024-10-29
Authors Thomas Haynes , Trond Myklebust
I-D last updated 2024-10-31
Completed reviews Artart Last Call review of -04 by Carsten Bormann (diff)
Secdir Last Call review of -04 by Benjamin M. Schwartz (diff)
Assignment Reviewer Benjamin M. Schwartz
State Completed
Request Last Call review on draft-ietf-nfsv4-layoutwcc by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/V36kcGuj9uPbmGL6g-HbwxJWSS0
Reviewed revision 04 (document currently at 05)
Result Ready
Completed 2024-10-31
review-ietf-nfsv4-layoutwcc-04-secdir-lc-schwartz-2024-10-31-00
This specification is not highly security-relevant, and it does not have any
content in its Security Considerations.

In general, allowing file metadata, including size and ownership, to be
desynchronized from the file contents, does carry significant security
implications.  For example, understating the size of the file could lead to a
buffer overflow in an incautious client.  If these considerations have already
been addressed in another document, I think a specific citation to that text
would be appropriate here.