Last Call Review of draft-ietf-nfsv4-layoutwcc-04
review-ietf-nfsv4-layoutwcc-04-secdir-lc-schwartz-2024-10-31-00
| Request | Review of | draft-ietf-nfsv4-layoutwcc |
|---|---|---|
| Requested revision | No specific revision (document currently at 07) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2024-11-19 | |
| Requested | 2024-10-29 | |
| Authors | Thomas Haynes , Trond Myklebust | |
| I-D last updated | 2025-04-23 (Latest revision 2025-02-07) | |
| Completed reviews |
Artart IETF Last Call review of -04
by Carsten Bormann
(diff)
Secdir IETF Last Call review of -04 by Benjamin M. Schwartz (diff) |
|
| Assignment | Reviewer | Benjamin M. Schwartz |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-nfsv4-layoutwcc by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/V36kcGuj9uPbmGL6g-HbwxJWSS0 | |
| Reviewed revision | 04 (document currently at 07) | |
| Result | Ready | |
| Completed | 2024-10-31 |
review-ietf-nfsv4-layoutwcc-04-secdir-lc-schwartz-2024-10-31-00
This specification is not highly security-relevant, and it does not have any content in its Security Considerations. In general, allowing file metadata, including size and ownership, to be desynchronized from the file contents, does carry significant security implications. For example, understating the size of the file could lead to a buffer overflow in an incautious client. If these considerations have already been addressed in another document, I think a specific citation to that text would be appropriate here.