Re: [bmwg] Secdir telechat review of draft-ietf-bmwg-b2b-frame-03
Mališa Vučinić <malisa.vucinic@inria.fr> Wed, 16 December 2020 17:59 UTC
Return-Path: <malisa.vucinic@inria.fr>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DCC83A0A70; Wed, 16 Dec 2020 09:59:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.196
X-Spam-Level:
X-Spam-Status: No, score=-4.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nL-Ix94MrlJn; Wed, 16 Dec 2020 09:59:04 -0800 (PST)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F1B73A0A4C; Wed, 16 Dec 2020 09:59:02 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.78,425,1599516000"; d="scan'208";a="367885128"
Received: from adsl-bb1-l35.crnagora.net (HELO [192.168.1.65]) ([95.155.1.35]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384; 16 Dec 2020 18:58:59 +0100
User-Agent: Microsoft-MacOutlook/10.11.0.180909
Date: Wed, 16 Dec 2020 18:58:57 +0100
From: Mališa Vučinić <malisa.vucinic@inria.fr>
To: "MORTON, ALFRED C (AL)" <acm@research.att.com>, "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "bmwg@ietf.org" <bmwg@ietf.org>, "draft-ietf-bmwg-b2b-frame.all@ietf.org" <draft-ietf-bmwg-b2b-frame.all@ietf.org>
Message-ID: <1EA8F16E-667E-4D55-80AB-E22591A6D720@inria.fr>
Thread-Topic: [bmwg] Secdir telechat review of draft-ietf-bmwg-b2b-frame-03
References: <160803178079.7403.9358014699248845740@ietfa.amsl.com> <4D7F4AD313D3FC43A053B309F97543CF014766EE92@njmtexg5.research.att.com> <5C525F90-FAB1-46D9-A399-8AB493345A48@inria.fr> <4D7F4AD313D3FC43A053B309F97543CF014766F108@njmtexg5.research.att.com> <CB567540-9150-4310-8251-9BAC0427C746@inria.fr> <4D7F4AD313D3FC43A053B309F97543CF014766FD79@njmtexg5.research.att.com>
In-Reply-To: <4D7F4AD313D3FC43A053B309F97543CF014766FD79@njmtexg5.research.att.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/7Eis8V-tEa3Rgdrz2og1s0F-rEk>
Subject: Re: [bmwg] Secdir telechat review of draft-ietf-bmwg-b2b-frame-03
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2020 17:59:06 -0000
Sounds good, thanks! Mališa On 16/12/2020 18:44, "MORTON, ALFRED C (AL)" <acm@research.att.com> wrote: Hi Mališa, Thanks for your proposed wording, it seems sufficiently neutral and with a few small tweaks, WFM. I see that Roman's COMMENT also supports this additional text. So, consider it part of the next version, and thanks for your help! Al > -----Original Message----- > From: Mališa Vučinić [mailto:malisa.vucinic@inria.fr] > Sent: Wednesday, December 16, 2020 7:22 AM > To: MORTON, ALFRED C (AL) <acm@research.att.com>; secdir@ietf.org > Cc: last-call@ietf.org; bmwg@ietf.org; draft-ietf-bmwg-b2b- > frame.all@ietf.org > Subject: Re: [bmwg] Secdir telechat review of draft-ietf-bmwg-b2b-frame-03 > > Al, > > I don't have a strong opinion on using the term "honesty" here. How about > this phrasing, just before the last paragraph in Security Considerations: > > The DUT developers are commonly independent from the personnel and > institutions conducting the benchmarking. > The DUT developers might have incentives to alter the performance of the > DUT if the test conditions are detected. > Procedures described in this document are not designed to detect such > activity. > Additional testing, outside of the scope of this document, is needed and > has been successfully used in the past to discover such malpractices. > > Mališa > > On 15/12/2020 20:22, "MORTON, ALFRED C (AL)" <acm@research.att.com> wrote: > > Hi Mališa, > please see below... > > > -----Original Message----- > > From: Mališa Vučinić [mailto:malisa.vucinic@inria.fr] > > Sent: Tuesday, December 15, 2020 9:21 AM > > To: MORTON, ALFRED C (AL) <acm@research.att.com>; secdir@ietf.org > > Cc: last-call@ietf.org; bmwg@ietf.org; draft-ietf-bmwg-b2b- > > frame.all@ietf.org > > Subject: Re: [bmwg] Secdir telechat review of draft-ietf-bmwg-b2b- > frame-03 > > > > Hi Al, > > > > Thanks, that is clear. I think that discussing the assumption of > honesty > > among the parties involved in benchmarking would be a useful > addition to > > the Security Considerations section in the draft. > [acm] > > I don't mind explaining the requirement using the term "honesty", but > I can only imagine raised eyebrows and subsequent DISCUSS/comments if we > try to assert a need for/assumption of honesty anywhere in the memo. > > Do you have suggested wording? > > Do others have opinions whether or not this is needed? > > thanks, > Al > > > > > Mališa > > > > On 15/12/2020 14:45, "MORTON, ALFRED C (AL)" <acm@research.att.com> > wrote: > > > > Hi Mališa, > > thanks for your review, please see below for one reply to your > > question (acm]. > > Al > > > > > -----Original Message----- > > > From: bmwg [mailto:bmwg-bounces@ietf.org] On Behalf Of Mališa > > Vucinic via > > > Datatracker > > > Sent: Tuesday, December 15, 2020 6:30 AM > > > To: secdir@ietf.org > > > Cc: last-call@ietf.org; bmwg@ietf.org; draft-ietf-bmwg-b2b- > > > frame.all@ietf.org > > > Subject: [bmwg] Secdir telechat review of draft-ietf-bmwg-b2b- > frame- > > 03 > > > > > > Reviewer: Mališa Vučinić > > > Review result: Ready > > > > > > I reviewed this document as part of the Security Directorate's > > ongoing > > > effort > > > to review all IETF documents being processed by the IESG. > These > > comments > > > were > > > written primarily for the benefit of the Security Area > Directors. > > Document > > > authors, document editors, and WG chairs should treat these > comments > > just > > > like > > > any other IETF Last Call comments. > > > > > > Thank you for this well-written document, it was a pleasure to > read > > and I > > > think > > > it is ready to proceed. Since the document updates RFC2544 > > benchmarking > > > procedure for estimating the buffer time of a Device Under > Test > > (DUT), it > > > does > > > not raise any security issues. Security Considerations section > is > > quite > > > clear > > > and it stresses that these tests are performed in a lab > environment. > > > > > > I do have a question regarding the last paragraph of the > Security > > > Considerations on special capabilities of DUTs for > benchmarking > > purposes. > > > Currently, the sentence reads: "Special capabilities SHOULD > NOT > > exist in > > > the > > > DUT/SUT specifically for benchmarking purposes." Why is this a > > SHOULD NOT > > > and > > > not a MUST NOT? Could you give an example when such special > > capabilities > > > in a > > > DUT are appropriate? > > [acm] > > We can only make a strong recommendation in this area. As > > testers/benchmarkers are often independent from the DUT developers > and > > conduct testing external to the DUT, we assume honesty among other > parties > > but we cannot require it. If someone constructed a DUT that > recognized > > test conditions and operated differently to perform better somehow, > our > > tests would measure the intended "better" performance. It takes a > > special/additional test effort to prove that a DUT has "designed to > the > > test" (consider Volkswagen and fuel efficiency testing [0]). > > > > We simply do not have any authority in this matter, but we can > let all > > parties know that gaming the test can be discovered and reported > (albeit > > with more testing that we do not describe). > > > > [0] > https://urldefense.com/v3/__https://www.consumerreports.org/fuel- > > economy-efficiency/volkswagen-used-special-software-to-exaggerate- > fuel- > > economy/__;!!BhdT!0KS_VCF5ZQfIGkVyPLoJXuAxdcoS3- > > xJTE0LoKZPWuSiHjQZM1u0H9M36YXByCk$ > > > > > > > > > > > > > > _______________________________________________ > > > bmwg mailing list > > > bmwg@ietf.org > > > > > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/bmwg__;! > > > !BhdT!1JFeLsENzMU- > ew89jxmJKxfp4wj5Zo3AZ6V8iULU3hWAentH1dymqJmDOvw7$ > > > > > > >
- [bmwg] Secdir telechat review of draft-ietf-bmwg-… Mališa Vučinić via Datatracker
- Re: [bmwg] Secdir telechat review of draft-ietf-b… MORTON, ALFRED C (AL)
- Re: [bmwg] Secdir telechat review of draft-ietf-b… Mališa Vučinić
- Re: [bmwg] Secdir telechat review of draft-ietf-b… MORTON, ALFRED C (AL)
- Re: [bmwg] Secdir telechat review of draft-ietf-b… Mališa Vučinić
- Re: [bmwg] Secdir telechat review of draft-ietf-b… MORTON, ALFRED C (AL)
- Re: [bmwg] Secdir telechat review of draft-ietf-b… Mališa Vučinić