Last Call Review of draft-ietf-nfsv4-rpcrdma-bidirection-06
review-ietf-nfsv4-rpcrdma-bidirection-06-secdir-lc-perlman-2017-02-02-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft concerns running NFS over RDMA (memory to memory access), and in
particular running RPC requests “in both directions” (client to server –
called forward direction – and callbacks from server to client called
reverse direction). The RFC claims to describe current practice rather than
to prescribe future practice, but it is intended to be Standards track,
which is a little odd, but I guess documenting what is current practice and
standardizing on it for the future is fine.



In any case, RDMA is a high performance protected channel considered to be
secure by its nature. If an RDMA protocol were run over a network tunnel,
it would be the responsibility of the tunnel to implement authentication
and encryption. And access rights of particular nodes and/or users is
defined in higher layers of NFS, and so is unaffected by the fact that this
is running over RDMA.



Bottom line is there are no security considerations. The security
considerations section refers readers to RFC5666bis (which is about NFS
over RDMA generally rather than the specific issue of callbacks). This
seems appropriate.


If I were to make one comment it's that I don't like the terminology
"backwards".  I might have used "reverse".  "Backwards" has a somewhat
negative connotation, and it's slightly confusing when discussing "Backward
Credits". I'd think a "backwards credit" would be taking away credits from
someone. "Reverse credits" would be just as bad, but perhaps
"reverse-direction credits" might be clear.


Radia