PSARC 2007/397 NDMP Service

Mark A. Carlson Mark.Carlson at sun.com
Tue Jul 3 07:18:48 PDT 2007 

Darren J Moffat wrote:
> Mark A. Carlson wrote:
>> I agree with your comments on the weak security in the NDMP
>> standard. Unfortunately, the "relevant standards org" is NDMP.org
>> and they have gone into hibernation for the most part. Attempts
>> were made to turn it over to IETF at one point, but that never went
>> anywhere. We are trying to start up a software effort in the SNIA
>> that could reawaken interest in this protocol. 
>
> Does this mean use of the protocol is dead or just development of it 
> from version 4 ?
Use of the protocol is very much alive. Development of it from version 4 
is happening
in the extensions. So far, they have been proprietary extensions, but 
regardless, they are
still being required for us to implement by the backup vendors. This 
results in a combination
of de jure and de facto standards that we need to comply with for NDMP.
>
> > The best approach would
>> be to create a Sun Vendor Extension on security like Network Appliance
>> has published here: http://www.ndmp.org/download/sdk_v4/extensions.shtml
>
> I don't think a vendor extension is useful in this case since unless 
> it is a standard and mandatory to implement part of the protocol it 
> effectively means weak security except between Solaris clients.  This 
> is exactly what happened with RPCSEC_GSS with NFSv3, it was mostly 
> only available between Solaris clients, with NFSv4 a GSSAPI based 
> authentication and transport confidentiality became mandatory to 
> implement.  The same thing needs to happen to NDMP.
We can put out a security extension as a Sun proprietary extension and 
get the backup vendors to
require it. That essentially makes it as enforceable as any of the other 
extensions they are requiring
device vendors to implement.  As the backup software comes through ARC 
review, we can add
the use of this extension as a requirement also.

As far as what the project team needs to do for this release, I think we 
should only require implementation
of what is already out there (MD5). Do you want to derail to document 
the additional security advice in an opinion?

-- mark

More information about the opensolaris-arc mailing list