Re: [bmwg] Proposal - Benchmarking Methodology for Network Security Device Performance draft

"MORTON, ALFRED C (AL)" <acm@research.att.com> Wed, 12 August 2020 20:17 UTC

Return-Path: <acm@research.att.com>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D1F03A0B4F for <bmwg@ietfa.amsl.com>; Wed, 12 Aug 2020 13:17:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.796
X-Spam-Level:
X-Spam-Status: No, score=-1.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jAXPlCkR098r for <bmwg@ietfa.amsl.com>; Wed, 12 Aug 2020 13:17:35 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30D263A0B55 for <bmwg@ietf.org>; Wed, 12 Aug 2020 13:17:35 -0700 (PDT)
Received: from pps.filterd (m0049287.ppops.net [127.0.0.1]) by m0049287.ppops.net-00191d01. (8.16.0.42/8.16.0.42) with SMTP id 07CKCbDB018696; Wed, 12 Aug 2020 16:17:34 -0400
Received: from tlpd255.enaf.dadc.sbc.com (sbcsmtp3.sbc.com [144.160.112.28]) by m0049287.ppops.net-00191d01. with ESMTP id 32vnf1ak0f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 12 Aug 2020 16:17:34 -0400
Received: from enaf.dadc.sbc.com (localhost [127.0.0.1]) by tlpd255.enaf.dadc.sbc.com (8.14.5/8.14.5) with ESMTP id 07CKHXBu122521; Wed, 12 Aug 2020 15:17:33 -0500
Received: from zlp30497.vci.att.com (zlp30497.vci.att.com [135.46.181.156]) by tlpd255.enaf.dadc.sbc.com (8.14.5/8.14.5) with ESMTP id 07CKHU37122477 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 12 Aug 2020 15:17:30 -0500
Received: from zlp30497.vci.att.com (zlp30497.vci.att.com [127.0.0.1]) by zlp30497.vci.att.com (Service) with ESMTP id 33F774016997; Wed, 12 Aug 2020 20:17:30 +0000 (GMT)
Received: from clph811.sldc.sbc.com (unknown [135.41.107.12]) by zlp30497.vci.att.com (Service) with ESMTP id 0D9844016999; Wed, 12 Aug 2020 20:17:30 +0000 (GMT)
Received: from sldc.sbc.com (localhost [127.0.0.1]) by clph811.sldc.sbc.com (8.14.5/8.14.5) with ESMTP id 07CKHTjF118242; Wed, 12 Aug 2020 15:17:29 -0500
Received: from mail-azure.research.att.com (mail-azure.research.att.com [135.207.255.18]) by clph811.sldc.sbc.com (8.14.5/8.14.5) with ESMTP id 07CKHLM0117637; Wed, 12 Aug 2020 15:17:22 -0500
Received: from exchange.research.att.com (njbdcas1.research.att.com [135.197.255.61]) by mail-azure.research.att.com (Postfix) with ESMTP id 9B92310A191D; Wed, 12 Aug 2020 16:17:20 -0400 (EDT)
Received: from njmtexg5.research.att.com ([fe80::b09c:ff13:4487:78b6]) by njbdcas1.research.att.com ([fe80::8c6b:4b77:618f:9a01%11]) with mapi id 14.03.0468.000; Wed, 12 Aug 2020 16:17:20 -0400
From: "MORTON, ALFRED C (AL)" <acm@research.att.com>
To: "bmonkman@netsecopen.org" <bmonkman@netsecopen.org>, "bmwg@ietf.org" <bmwg@ietf.org>
CC: "'Bala Balarajah'" <bala@netsecopen.org>
Thread-Topic: [bmwg] Proposal - Benchmarking Methodology for Network Security Device Performance draft
Thread-Index: AdZw05Qj3CCHyCysR3SctaivvczLLQAEQ+MQ
Date: Wed, 12 Aug 2020 20:17:19 +0000
Message-ID: <4D7F4AD313D3FC43A053B309F97543CF0140BC8B45@njmtexg5.research.att.com>
References: <00a301d670d3$c4403180$4cc09480$@netsecopen.org>
In-Reply-To: <00a301d670d3$c4403180$4cc09480$@netsecopen.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [69.141.203.172]
Content-Type: multipart/related; boundary="_004_4D7F4AD313D3FC43A053B309F97543CF0140BC8B45njmtexg5resea_"; type="multipart/alternative"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-08-12_16:2020-08-11, 2020-08-12 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 bulkscore=0 adultscore=0 phishscore=0 impostorscore=0 spamscore=0 lowpriorityscore=0 clxscore=1015 mlxscore=0 mlxlogscore=999 suspectscore=0 malwarescore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008120125
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/HCTx2OBH2SBg5bTpk9G_q8KIaJE>
Subject: Re: [bmwg] Proposal - Benchmarking Methodology for Network Security Device Performance draft
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2020 20:17:39 -0000

Hi Brian,

Thanks for following through on this topic.

you wrote:
The subsequent parts would be drafts that would capture security requirements that would be added on to the first part. For example, a draft that would cover NGFW security requirements and a draft that would cover Network IPS requirements. These security requirement drafts would frequently reference the first draft and might, at times, require documentation of where deviations of the requirements contained in the first draft would be allowed.

I don't mean to be simplistic, but I don't see the term "benchmarking" in the paragraph above.
It seems to me that the draft had more detail or an answer to the question "is this benchmarking?" but I want to be sure the work is included in our charter as a first step.

thanks!
Al
bmwg co-chair


From: bmwg [mailto:bmwg-bounces@ietf.org] On Behalf Of bmonkman@netsecopen.org
Sent: Wednesday, August 12, 2020 2:10 PM
To: bmwg@ietf.org
Cc: 'Bala Balarajah' <bala@netsecopen.org>
Subject: [bmwg] Proposal - Benchmarking Methodology for Network Security Device Performance draft

Folks,

During the IETF 108 BMWG virtual meeting Tim Carlin presented on behalf of NetSecOPEN information on the work we have been doing. The discussion focussed mainly on the Network IPS test requirements we are planning on adding.

A comment was made that the draft was getting rather large. After some discussion we came up with an idea. I was asked to bring it up for discussion on this mailing list.

In order to move the draft forward and also to allow for continued movement on developing security testing requirements we are proposing splitting the draft into different parts.

The first part would be focussed on performance testing elements. We would expect this to be a stable for the most part and would be ready for IESG review soon, hopefully this month.

The subsequent parts would be drafts that would capture security requirements that would be added on to the first part. For example, a draft that would cover NGFW security requirements and a draft that would cover Network IPS requirements. These security requirement drafts would frequently reference the first draft and might, at times, require documentation of where deviations of the requirements contained in the first draft would be allowed.

I believe if these changes are acceptable to everyone we will have change the title of the first draft.

Please let me know if anyone has an issue with this proposal.

Brian

---------
Brian Monkman
Executive Director, NetSecOPEN
Office: +1-717-610-0808
Fax: +1-717-506-0460
Mobile: +1-717-462-5422

[cid:image001.png@01D670C3.A3BB40E0]
https://www.netsecopen.org<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.netsecopen.org&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=OfsSu8kTIltVyD1oL72cBw&m=UjnH8qu3pYPOFQJQR8K3n22Cf97aRrvN-W2ALQaFkZQ&s=uN-1N6ZoPq8H5iflqtW_5rt5Crd4CpdBYj9DlkCCYS0&e=>