Last Call Review of draft-ietf-nfsv4-rpcrdma-bidirection-06
review-ietf-nfsv4-rpcrdma-bidirection-06-secdir-lc-perlman-2017-02-02-00

Request Review of draft-ietf-nfsv4-rpcrdma-bidirection
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-02-07
Requested 2017-01-24
Draft last updated 2017-02-02
Completed reviews Opsdir Last Call review of -06 by Jouni Korhonen (diff)
Genart Last Call review of -06 by Meral Shirazipour (diff)
Secdir Last Call review of -06 by Radia Perlman (diff)
Genart Telechat review of -07 by Meral Shirazipour (diff)
Assignment Reviewer Radia Perlman
State Completed
Review review-ietf-nfsv4-rpcrdma-bidirection-06-secdir-lc-perlman-2017-02-02
Reviewed rev. 06 (document currently at 08)
Review result Has Nits
Review completed: 2017-02-02

Review
review-ietf-nfsv4-rpcrdma-bidirection-06-secdir-lc-perlman-2017-02-02

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft concerns running NFS over RDMA (memory to memory access), and in
particular running RPC requests “in both directions” (client to server –
called forward direction – and callbacks from server to client called
reverse direction). The RFC claims to describe current practice rather than
to prescribe future practice, but it is intended to be Standards track,
which is a little odd, but I guess documenting what is current practice and
standardizing on it for the future is fine.



In any case, RDMA is a high performance protected channel considered to be
secure by its nature. If an RDMA protocol were run over a network tunnel,
it would be the responsibility of the tunnel to implement authentication
and encryption. And access rights of particular nodes and/or users is
defined in higher layers of NFS, and so is unaffected by the fact that this
is running over RDMA.



Bottom line is there are no security considerations. The security
considerations section refers readers to RFC5666bis (which is about NFS
over RDMA generally rather than the specific issue of callbacks). This
seems appropriate.


If I were to make one comment it's that I don't like the terminology
"backwards".  I might have used "reverse".  "Backwards" has a somewhat
negative connotation, and it's slightly confusing when discussing "Backward
Credits". I'd think a "backwards credit" would be taking away credits from
someone. "Reverse credits" would be just as bad, but perhaps
"reverse-direction credits" might be clear.


Radia