Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp952133rwl; Wed, 5 Apr 2023 09:47:08 -0700 (PDT) X-Google-Smtp-Source: AKy350bG6kOpWruJCep68tgHQpWLxO5uTN6Pcf/yEvgeYZW0+rhVg/C4lAjsWC4MMGelDk1lagf5 X-Received: by 2002:aa7:c796:0:b0:500:2cc6:36da with SMTP id n22-20020aa7c796000000b005002cc636damr2746709eds.19.1680713228417; Wed, 05 Apr 2023 09:47:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1680713228; cv=pass; d=google.com; s=arc-20160816; b=iId3Xx15BhhpXRjtA2q4VDYFQ1TtMymodJvsFyYsxGEnhqgcKoJL3TV2fWaTWhFEaq sDYtm1evUN5WNUvRLqPT08/Sx9AEH2Va9OW0wf1+S9mBsj1Lh0PM6Gm1IrEBtuw76cQN HuHlzORfIZQRHsgqbtF2iCUC3o81XB3UgJR7kHN5lEuagJHG5WvRIrFh/dgeeJh+XZE+ SWV4RpjYa0y2O7PuZgc3ANXxc+/+aSJlgB3NsAD0kAdzpL73zua3tD13/fFhfdv/eYv3 VdFPvquDTXOfVBLX5t1iR+Ngv8XR7CdmU5dkQI2EHatsS4zVl3v0HCWKLuer3/O7C+QJ fAsQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-id:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from :dkim-signature:dkim-signature; bh=iTmmxFjbsrediHbq0GX0HUDSU8KbYHg0pivvxQrYoEk=; b=bzhfh2ndG95oieBSp57uogSc0rSMkSoPffQEMFI77M1LDOaqdwrXsfncEAPIqTQJLW bAZfcdY2vXYTDt+zi5qYlwQmbbcy0+pkKsKSn+0LBG3ng5jST/HxmGKODxv47lnM0BBA AGBUHM1X8JFn/x5NMozBxRa5DaoMgVf8eQN3Xd/yM2N/DSa4Mq5IMGVraNJ2Qg3gb3Ur Sh81dg0uIQeiNrXJZCBy2W5xGmr6g2pYPHpJL4UGGWe3scwFAejHGdi7mLkEOEWV4Llw u3yIRECbx/6dQIvYDnuw4EMO7ud2KZX2QKFPoFb6d+qMt1EN0xFP24Q+YjwZv0BtlIAk m9iw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=utxvXy4l; dkim=pass header.i=@oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=B2+V+3U9; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d17-20020a056402517100b00502100a53dasi1452213ede.405.2023.04.05.09.46.42; Wed, 05 Apr 2023 09:47:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=utxvXy4l; dkim=pass header.i=@oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=B2+V+3U9; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231580AbjDEQpX (ORCPT + 99 others); Wed, 5 Apr 2023 12:45:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51022 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229699AbjDEQpV (ORCPT ); Wed, 5 Apr 2023 12:45:21 -0400 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 336E710FA for ; Wed, 5 Apr 2023 09:45:20 -0700 (PDT) Received: from pps.filterd (m0333521.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 335D2Ufb000450; Wed, 5 Apr 2023 16:45:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=corp-2022-7-12; bh=iTmmxFjbsrediHbq0GX0HUDSU8KbYHg0pivvxQrYoEk=; b=utxvXy4lgpBnaEDSVDnavIrZ03SO+wEji2U1fLJ1XjxuxOrwJAcOzzpXA9QYeid3oGgK EA3YfCDg4Pyqp/ISwk0XqlK1/msc8jgT4LDu7htdd6k0YjsHyCSfyv1FUYL4UsZJG1wN hkpM1sxFyml+tbpW0NtRrT9XdIS0P49JvT1FZorAzWhjZ26hji3yEb+gMw7cqrvqgSoi pwfvJr1UGyyHv4/TzTPDquMu1Zp8gA6L+6hgHINYrTx5wG676fehKI1lzSldADrXlah9 b+Zt6gCmlYTJXVAsCM5b2l+PjpQjTJXVY9VB3N+T7xayTlO0JUntFz5gFPkP4FRHVrqN QA== Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3ppbhc0yha-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 05 Apr 2023 16:45:04 +0000 Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 335G1ZaP002740; Wed, 5 Apr 2023 16:45:04 GMT Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02lp2042.outbound.protection.outlook.com [104.47.51.42]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3ppt3jvae1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 05 Apr 2023 16:45:03 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BIwyjOjpGmYJ8YZcHiomqpLUWf6rJIWWIDZZXzQO3OKGyRqq8yMZc++w6rCJQbSrcz+4cCa09ofxu0PKkqTGCkSTSEfdehYZ5/9pKzVezhZbsQbsdVyreQisOQ6p1j3hvHmv2f6ezSdT0HvVM0Ix5H6W3oJUv33df0KmNGicRfbecUuriUOWQywcAQnJ8hM6MGu/sxL/JZaVNcv4UfLn6uH/zZF2+A9vt0IUzA+nEUE2YLy6EYzTT1SISmKnq9CB4mDy2wGpEfrJH1e9tjJnctbXEhAh7KM+GOuuR2ltmUMnEmgcsFuUmSZW9iRgAT4y6jeBg8f94BhoYomKh3q1Og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iTmmxFjbsrediHbq0GX0HUDSU8KbYHg0pivvxQrYoEk=; b=ROWvLM5rl3E6/6U+jNTj4G9tPp1vPCxRatnWbpXcYExOAMwB6QUImSjTPcC5jdNjPLxsFfbUXDrrFW0zP6+/4ay7kp4gahVaPBCvrjoGiFyRLhGj50HOwDNd+j6XA+tj9dznBzL0Dqcmat2MqSE1BXNkNkDcBVPFr7tsosBFkv82mxLhRk8Yp4KQIstrg0G5LRCoUdtnNXnADVFN9mEUTgCdN4Zyw4x0eE121oIJ1rCdYeizG6r26TsB6XY4iSP8ktpn5TrHYKaPRIQWxkRVIhHkimnFeYznGDI58br29w47zXDNKqrCSOExOQvC6H1D55t8jk6PSI9fmIv0qegspw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iTmmxFjbsrediHbq0GX0HUDSU8KbYHg0pivvxQrYoEk=; b=B2+V+3U9v7B4kdNkP0dbL3wByCZn5s/y018AR454kJtvjD3VL2Mf5PeVPnwh95hQlvic86dUAoHC91uk0pTbPScOZP/eQdO2yhPON3tLijLcOK+xsUcjW9fNon1PdeYZ2z+/SWt1QzNShmOd7MkB38sQwlCJwW6yRr/Rw0tzaQA= Received: from BN0PR10MB5128.namprd10.prod.outlook.com (2603:10b6:408:117::24) by MW4PR10MB6656.namprd10.prod.outlook.com (2603:10b6:303:227::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.35; Wed, 5 Apr 2023 16:45:01 +0000 Received: from BN0PR10MB5128.namprd10.prod.outlook.com ([fe80::ecbd:fc46:2528:36db]) by BN0PR10MB5128.namprd10.prod.outlook.com ([fe80::ecbd:fc46:2528:36db%7]) with mapi id 15.20.6254.035; Wed, 5 Apr 2023 16:45:00 +0000 From: Chuck Lever III To: Steve Dickson CC: Chuck Lever , Linux NFS Mailing List , Rick Macklem , "kernel-tls-handshake@lists.linux.dev" Subject: Re: [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS Thread-Topic: [PATCH v2 0/4] nfs-utils changes for RPC-with-TLS Thread-Index: AQHZYkfyXVf2UZl2IkChqQGwU7OVd68c9gaAgAABSYA= Date: Wed, 5 Apr 2023 16:45:00 +0000 Message-ID: References: <168009806320.2522.10415374334827613451.stgit@manet.1015granger.net> <1c59beaf-63b6-ee39-b339-339a0c7e72b9@redhat.com> In-Reply-To: <1c59beaf-63b6-ee39-b339-339a0c7e72b9@redhat.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3731.500.231) x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BN0PR10MB5128:EE_|MW4PR10MB6656:EE_ x-ms-office365-filtering-correlation-id: d76ddf7e-7ca4-433a-2d11-08db35f51910 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vE2cCb2NWFxpsieVSmHlp3XbBZL6i045CcaBR51i8VC/6gtZGCoayY0OyK8sgB1D21+VjTkOQOweGJETdH7QK0KB82KiSzN1EMfHxegD4lG2TMjAUs317UX7hrE/7YZfSEav3JNY6MRlIORZ09PC6HC4H/HlXM/TdR7v3uU+u3//64UlR2/JGB0/QFAhHAnzlwI0Bsx+U07nRXopzfCcmBzFAjozymYR1/2w75X6Q/CV73bO01LKg4wtcCVJh+j882a7ouUiyski2a3f1vA7a5PyA5mH04T3j0aKvfX4gNkbFxVC7T5Mn5jeGijHe/HD2LOjshe3ahKK1QUWaMn8adSMX05AmdC6gme76CzkA4lR+ZTNJhThqT4+KFNu5rSa5QKvnfVFh3OxSt80dhAxSQltoYAX2bbBJDJ+dyC/YNwVU96bNyq5As36mT4JGCMiDcdlYB3VJaz6tkSGooyFuowNI26l92ZUU44Jfbv5L+sp/5DzHY2X7p97wdU8+KN0YsOm8kJP13sJqI9DHuJVA3hM1n/mvfbHfiliwUk3iWvtSD0m9he3nkfqwHfa6ldl+T4NNHOrzEMnsfzBeaN/Sly6gxDsNFGU7SEkmfCCrwWbSPdcYRD7cheHmlTb9F96Nf5Tsva4EKNHiSYybr9kcQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0PR10MB5128.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(39860400002)(346002)(366004)(136003)(376002)(396003)(451199021)(2616005)(91956017)(83380400001)(41300700001)(6486002)(5660300002)(966005)(478600001)(71200400001)(316002)(186003)(6506007)(54906003)(26005)(6512007)(53546011)(2906002)(38100700002)(122000001)(33656002)(36756003)(66556008)(66476007)(66946007)(6916009)(4326008)(8676002)(64756008)(66446008)(76116006)(86362001)(38070700005)(8936002)(45980500001);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?zKZbNpCLSHnxzTgTc3tRr0gNSCBD7VplqHRABo51ihZiDcHsrIQBTPdtw+ZN?= =?us-ascii?Q?i5fa7x4HBuVYmUJ50N7T8jTpaCxdnLAUiAlsk+ASVFZZxoP4Ih8WJIezhLBZ?= =?us-ascii?Q?jUmDc4hHt0bj/QNA1PFkxMXAUu0TTWPstYeK98nuF2uk4YS7n31oORsYPTJt?= =?us-ascii?Q?PZBKTKKZeKv2OOZjaglAXkk8nA4H5WMRuxM/O0QO/AHe/4jNz6NY5qlbPM8i?= =?us-ascii?Q?WmJPuW6uBaYBZ2NpuMs8NOOXNZAXAdjtRBiz5KzhPKZGQ5FUyJylwAsZztJt?= =?us-ascii?Q?VMLJMygT35rXtRlv/M/ElDM8vo5nYeBLC1rnSskou+pwZeE6Vfv3PZWeTsHx?= =?us-ascii?Q?VEvyoblAZa271bwd/H59u7i7hzO72cgQgkMlntrLsSkm3afpKF/eUrIgmUKo?= =?us-ascii?Q?yDxwXJi60CcbDlXljzlZ0kCjXKam6tMJUXJu4o+8H9PzU/ypV7cmm4KXMmDb?= =?us-ascii?Q?CMAnIPLeaPY1EUmS+0Z+h9YuFBUXAInotXY3lKwc73LY2ecZ0T8CPgCpr//J?= =?us-ascii?Q?F816vKVAK1Qv7CAtz7N0no57YH5++cCyrP3vgtSy3KRCbaRNguZwIOQNw5Io?= =?us-ascii?Q?EAnreRx6vzJ9XNjKWGpUmFdx5h7rCJCek7MsltCzstTSkLISBr9XR4V4XzhQ?= =?us-ascii?Q?rLQ6n66L8aBhh1NHjKVu7moPFaFhh1gdXGR3Pgd0ZCwABHPyEEYbgllB9CNC?= =?us-ascii?Q?IAfR0WuXC+F0QYlwBYP9Qe5+4aKwtEcILIY6ZfjFBvQPg59yF/9WEcqp0gKF?= =?us-ascii?Q?ZLBqwT72DjftVhHWQdHUAzDfWfNeWajI+UyMdYtVucr1TZP6etl8Wzgg7zzb?= =?us-ascii?Q?aWiNZ1pmjHHCSxySrR7y791M7pKQyclzBDwzbFXbu6vMvxSbr4jTiV+jJEdS?= =?us-ascii?Q?LEbvB7W4LPJuxZ2oKD5lY7nsgyMjifPjKGL/RLnXToI2QQLHbrddSslDATyc?= =?us-ascii?Q?41sptECRw+YwB/vV63heYcjLlIBWvP8qc+oZVErau+76ZQVjST1DWC6vs4MS?= =?us-ascii?Q?Juy66W6XOa1sVHepts1QasBFqWnMa0qDI9onnueZaIBNyxNnTYByEMje1r0r?= =?us-ascii?Q?QEAowKyRNQsB55GOx9cYqtfRjHviOV8M1bGFTBTO6KNc7sRlNGA/4uPMM/cX?= =?us-ascii?Q?SyCo3tNf2TjeVCHBGfdYKWMu+I2Ot0sd++jkiQbChBjytTSgTiFKPW5AMB5T?= =?us-ascii?Q?8hX8mFzkCrmrLVv1cQ6y7RnJG3+6zu1xn8aFCwGF+SkXlWDD7F/g/saI5MPb?= =?us-ascii?Q?h+ttg3LK5IpNQOULM/WKQi5hYUTgsmi/1QUg7gbThM1MaDT6vPfbuR3oUUqy?= =?us-ascii?Q?Y21sDUAHsT6litQPSZjDFeNRt1pypE91dwnw6ivBWKtB51SnKc0g6bhkKeCy?= =?us-ascii?Q?RdEMjXtI4JljMzNnWIGC4oezX0VbT+XCT2FoU+bSX5eIVxXk/HhZvAbYIEoO?= =?us-ascii?Q?9L0D/wqEh5rEvOz99NpXJxvaPL1vYizpv2AYTZAXhQYXtbKU5XsT7BrO4XT5?= =?us-ascii?Q?MUL8gEZQitS0YkRk5jp6dlqiMgutlnvfi9BSDIHDOm+4wEjT7n+mw6lxtYVF?= =?us-ascii?Q?HSmJ2T82OmIIh1A2XiS50ywq5MM2YmYdok52syABEBbSlMXJL3sBw09eXO2j?= =?us-ascii?Q?Xw=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-ID: <739A24F57E7F7A4DAC3123B492F9ABA4@namprd10.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: bUNAHosRoRo0QSo614a2RKzfk6Ju8zy7Q8aufOfTb6uQFRpm13B2ArRigTkJ4jXddCAD78IUZqTtqCqnoGEcEaCwkKWv6yOq5e65hxe9MgaVHzgtu/L2lGxdas6UCojNY2lwv+Utx3/+YxJvBEIg5O2yKZ/qzLTzm9J5uUNy85Q5wLEXl6r46Z2rhfHu4gOaRM7RWN08pfQBW3/xu0tipuTR5zjqXpMjXw8lmHPbRHUNCa+Hi8rJKwdm//y7we+SXds3tltbgZ7GmKed1oxktA4MQcwQcq7jMynKqEiARlbNQ82ekUlPgqWE9cTk5nkPlNAq2dC+awOz9h60kyxOvUfwy5+H/fJ7Y390t0SlBW79i4FgzkVCPSsGwYW+SceoSlRdQkdOO7ogvEzPzTIwP72G4AqU7uLwW4lCgzyPB3wNKskgl/Fha6w2kia2LHTOgOM0zvKkuJW0+oKqKu7zK6WUCAIucz52ejeAO7hwonjOGDSJXu+dEfhq0fkSi3dRZ3yaJOFvq09ad2+qPrhBrfDuhOwPiAx3CqO2NtfhsEy9W/7g318K6MUMpSS5pRIWQtY1086TV6XxAnY2KVA+HjZazxBQXtoaLY36l01xUzzhn5mYTf0stG4EsYpuPkFqMlqDXHh8sEEuJ8rlQA+5CRkChcQA8pcweI5jUBGuWfbVAGBQv28bVBSQXXDeijFc+UQlEN/YdiFe/EgAz5PfWNtCe93Czo5XAjT3YQGzR6E1KP0Shoe/Rc1nCJD4XvaZtBtNfJXfjtkPsJXqDvcSoaobOhT94ZQ47OtHvmVCfJVDow84xzQSp5LTngsUG8BVeHEQNLIgtB5cTjcCuZD9aNGzC1nOsWWrVfY6lisEtOc4MCyyBVyXnYj36FeNIccu X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB5128.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d76ddf7e-7ca4-433a-2d11-08db35f51910 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2023 16:45:00.6804 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: m53iJ4hdKDNCypqU4qIEMbwHhf5js1f0mwn1TSdQeprn4L2lDahzpOawMGpOlNA3JZWUa2CZlgkcftiAcOr+fw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR10MB6656 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-05_11,2023-04-05_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 adultscore=0 phishscore=0 bulkscore=0 mlxscore=0 malwarescore=0 mlxlogscore=902 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304050151 X-Proofpoint-GUID: HTjfON9dTByMp76ASBq3mNk2VdEfvGoJ X-Proofpoint-ORIG-GUID: HTjfON9dTByMp76ASBq3mNk2VdEfvGoJ X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org > On Apr 5, 2023, at 12:40 PM, Steve Dickson wrote: >=20 > Hey Chuck, >=20 > On 3/29/23 10:08 AM, Chuck Lever wrote: >> Hi Steve- >> This is client- and server-side nfs-utils support for RPC-with-TLS. >> The client side support at this point is only a man page update >> since the kernel handles mount option processing itself. >> The server implementation can support both the opportunistic use of >> transport layer security (it will be used if the client cares to), >> and the required use of transport layer security (the server >> requires the client to use it to access a particular export). >> Without any other user space componentry, this implementation is >> able to handle clients that request the use of RPC-with-TLS. To >> support security policies that restrict access to exports based on >> the client's use of TLS, modifications to exportfs and mountd are >> needed. These are contained in this post, and can also be found >> here: >> git://git.linux-nfs.org/projects/cel/nfs-utils.git >> The kernel patches, along with the handshake upcall, are carried in >> the topic-rpc-with-tls-upcall branch available from: >> https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git >=20 > Just wondering if these patch should wait until the kernel > patches reach mainline (aka rawhide)? The kernel changes do not require these, they add more features. Thus I don't think it's harmful to let them wait for the kernel patches. For testing, Jeff has set up a Fedora COPR with these, the ktls-utils package, and an updated kernel. What could be checked now is whether these nfs-utils changes will break something on pre-TLS kernels. > steved. >=20 >> Soon I hope to compose a new man page in Section 7 that will provide >> an overview and quick set-up guidance for NFS's use of RPC-with-TLS. >> Changes since v1: >> - Addressed Jeff's review comments >> - Updated nfs.man as well >> --- >> Chuck Lever (4): >> libexports: Fix whitespace damage in support/nfs/exports.c >> exports: Add an xprtsec=3D export option >> exports(5): Describe the xprtsec=3D export option >> nfs(5): Document the new "xprtsec=3D" mount option >> support/export/cache.c | 15 ++++++ >> support/include/nfs/export.h | 14 +++++ >> support/include/nfslib.h | 14 +++++ >> support/nfs/exports.c | 100 ++++++++++++++++++++++++++++++++--- >> utils/exportfs/exportfs.c | 1 + >> utils/exportfs/exports.man | 51 +++++++++++++++++- >> utils/mount/nfs.man | 34 +++++++++++- >> 7 files changed, 219 insertions(+), 10 deletions(-) >> -- >> Chuck Lever -- Chuck Lever