From: Christoph Hellwig Date: Tue, 12 Dec 2023 18:33:33 +0000 (+0100) Subject: security considerations update from Dave Black X-Git-Tag: draft-ietf-nfsv4-scsi-layout-nvme-06~1 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e4c88bb28d2b4ba7d828197ef8a532cfb51abfc4;p=users%2Fhch%2Fscsi-layout-nvme.git security considerations update from Dave Black --- diff --git a/scsi-nvme.md b/scsi-nvme.md index ef2d2b0..0c91ffa 100644 --- a/scsi-nvme.md +++ b/scsi-nvme.md @@ -318,23 +318,30 @@ Refer to {{Section 2.4.6 (Extents Are Permissions) and Section 4 (Security Considerations) of RFC8154}} for the Security Considerations of direct block access from NFS clients. -pNFS with an NVMe layout can be used with NVMe transports -(e.g., NVMe over PCIe {{NVME-PCIE}}) that provide -essentially no additional security functionality. Or, -pNFS may be used with storage protocols such as NVMe over TCP {{NVME-TCP}} -that can provide significant transport -layer security. - -It is the responsibility of those administering and deploying -pNFS with an NVMe layout to ensure that appropriate protection is -deployed to that protocol. -When using IP-based storage protocols such as NVMe over TCP, data -confidentiality and integrity SHOULD be provided for traffic between -pNFS clients and NVMe storage devices by using a secure communication -protocol such as Transport Layer Security (TLS) {{RFC8446}}. For NVMe -over TCP, TLS SHOULD be used as described in {{NVME-TCP}} to -protect traffic between pNFS clients and NVMe namespaces used as -storage devices. +pNFS with an NVMe layout can be used with NVMe transports (e.g., NVMe +over PCIe {{NVME-PCIE}}) that provide essentially no additional security +functionality. Or, pNFS may be used with storage protocols such as NVMe +over TCP {{NVME-TCP}} that can provide significant transport layer +security. + +It is the responsibility of those administering and deploying pNFS with +an NVMe layout to ensure that appropriate protection is deployed to that +protocol based on the deployment environment as well as the nature and +sensitivity of the data and storage devices involved. When using IP-based +storage protocols such as NVMe over TCP, data confidentiality and +integrity SHOULD be provided for traffic between pNFS clients and NVMe +storage devices by using a secure communication protocol such as Transport +Layer Security (TLS) {{RFC8446}}. For NVMe over TCP, TLS SHOULD be used as +described in {{NVME-TCP}} to protect traffic between pNFS clients and NVMe +namespaces used as storage devices. + +A secure communication protocol might not be needed for pNFS with NVMe +layouts in environments where physical and/or logical security measures +(e.g., air gaps, isolated VLANs) provide effective access control +commensurate with the sensitivity and value of the storage devices and data +involved (e.g., public website contents may be significantly less sensitive +than a database containing personal identifying information, passwords, +and other authentication credentials). Physical security is a common means for protocols not based on IP. In environments where the security requirements for the storage