[bmwg] FW: Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-13: (with DISCUSS and COMMENT)
"MORTON JR., AL" <acmorton@att.com> Wed, 02 February 2022 23:14 UTC
From: "MORTON JR., AL" <acmorton@att.com>
To: Carsten Rossenhoevel <cross@eantc.de>, "bmonkman@netsecopen.org" <bmonkman@netsecopen.org>, "bala@netsecopen.org" <bala@netsecopen.org>
CC: Sarah Banks <sbanks@encrypted.net>, 'Warren Kumari' <warren@kumari.net>, "bmwg@ietf.org" <bmwg@ietf.org>
Date: Wed, 02 Feb 2022 23:14:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/Ie1_X5eprMugDUqQCeO-4I_Un_g>
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
Authors,

Roman's DISCUSS ballot is particularly important to address. Specifically, the points above
----------------------------------------------------------------------
COMMENT:
line, but all the points should be addressed eventually.

If you can provide some proposed resolutions before the IESG meets Thursday, it will give our AD Warren some backup for any exchanges with Roman during the live meeting.

Status as of Wednesday evening: There are surprisingly few IESG ballots cast (4)
https://datatracker.ietf.org/doc/draft-ietf-bmwg-ngfw-performance/ballot/

I previously sent the link to the webex for the meeting, so you can listen-in and possibly gain some insights.

Al

-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org>
Sent: Wednesday, February 2, 2022 5:40 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-bmwg-ngfw-performance@ietf.org; bmwg-chairs@ietf.org; bmwg@ietf.org; Al Morton <acm@research.att.com>; acm@research.att.com
Subject: Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-13: (with DISCUSS and COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-bmwg-ngfw-performance-13: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://urldefense.com/v3/__https://www.ietf.org/blog/handling-iesg-ballot-positions/__;!!BhdT!wz4NWwr2EhVf2SVpgeLrJ37BbODitrSIIGTSdWLeVIHQAuDPrMeDZojEcJCm$
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-bmwg-ngfw-performance/__;!!BhdT!wz4NWwr2EhVf2SVpgeLrJ37BbODitrSIIGTSdWLeVIHQAuDPrMeDZpdwKyaS$

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** A key element of successfully running the throughput tests described in Section 7, appears to be ensuring how to configure the device under test. Section 4.2. helpfully specifies feature sets with recommendations configurations. However, it appears there are elements of under-specification given the level of detail specified with normative language. Specifically:

-- Section 4.2.1 seems unspecified regarding all the capabilities in Table 1 and 2. The discussion around vulnerabilities (CVEs) does not appear to be relevant to configuration of anti-spyware, anti-virus, anti-botnet, DLP, and DDOS.

-- Recognizing that NGFW, NGIPS and UTM are not precise product categories, offerings in this space commonly rely on statistical models or AI techniques (e.g., machine learning) to improve detection rates and reduce false positives to realize the capabilities in Table 1 and 2. If even possible, how should these settings be tuned? How should the training period be handled when describing the steps of the test regime (e.g., in Section 4.3.4? Section 7.2.4?)

** Appendix A. The KPI measures don’t seem precise here – CVEs are unlikely to be the measure seen on the wire. Wouldn’t it be exploits associated with a particular vulnerability (that’s numbered via CVE)? There can be a one-to-many relationship between the vulnerability and exploits (e.g., multiple products affected by a single CVE); or the multiple implementations of an exploit.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Abstract. NGFW, NGIPS and UTM are fuzzy product categories. Do you want to them somewhere? How do they differ in functionality? UTM is mentioned here, but not again in the document.

** Section 1.
   The requirements for network security element performance and effectiveness have increased tremendously since then.
   In the eighteen years since [RFC3511] was published, recommending test methodology and terminology for firewalls, requirements and expectations for network security elements has increased tremendously.

I don’t follow how the intent of these two sentences is different. Given the other text in this paragraph, these sentences also appear redundant.

** Section 3. Per “This document focuses on advanced, …”, what makes a testing method “advanced”?

** Section 4.2. The abstract said that testing for NGFW, NGIPS and UTM would be provided. This section is silent on UTM.

** Section 4.2. Should the following additional features be noted as a feature of NGFWs and NGIPS (Tables 1 and 2)?

-- reconnaissance detection

-- geolocation or network topology-based classification/filtering

** Section 4.2. Thanks for the capability taxonomies described here. Should it be noted that “Table 1 and 2 are approximate taxonomies of features commonly found in currently deployed NGFW and NGIDS. The features provided by specific implementations may be named differently and not necessarily have configuration settings that align to the taxonomy.”

** Table 1. Is there a reason that DPI and Anti-Evasion (listed in Table 2 for NGIPS) are not mentioned here (for NGFW). I don’t see how many (all?) of the features listed as RECOMMENDED could be done without it.

** Table 3. For Anti-Botnet, should it read “detects and blocks”?

** Table 3. For Web Filtering, is this scoped to be classification and threat detection by URI?

** Table 3. This table is missing a description for DoS from Table 1 and DPI and Anti-Evasion from Table 2.

** Section 4.2. Per “Logging SHOULD be enabled.” How does this “SHOULD” align with “logging and reporting” being a RECOMMENDED in Table 1 and 2? Same question on “Application Identification and Control SHOULD be configured”

** Section 4.3.1.1. Why is such well-formed and well-behaved traffic assumed for a security device?

** Section 4.3.1. What cipher suites should be used for TLS 1.3 based tests? The text is prescriptive for TLS 1.2 (using a RECOMMEND) but simply restates all of those registered by RFC8446.

** Section 9. Given that the configurations of these tests will include working exploits, it would be helpful to provide a reminder on the need to control access to them.

** Section A.1.
   In parallel, the CVEs will be sent to the DUT/SUT as encrypted and as well as clear text payload formats using a traffic generator.

This guidance doesn’t seem appropriate for all cases. Couldn’t the vulnerability being exploited involve a payload in the unencrypted part or a phase in the communication exchange before a secure channel is negotiated?

** Editorial nits

-- Section 1. Editorial. s/for firewalls initially/for firewalls/

-- Section 5. Typo. s/as test equipments/as test equipment/
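
The Appendix A point in the DISCUSS above (one CVE, many exploits) changes what a detection KPI reports. The following is an added illustration, not part of either e-mail or of the draft: the result rows, variant names and CVE labels are constructed placeholders, and the three rates are one assumed way to count, not the draft's KPI definition.

```python
from collections import defaultdict

# Constructed sample results, one row per exploit attempt sent to the DUT/SUT:
# (vulnerability label, exploit variant, transport, blocked by DUT/SUT?)
# The CVE labels are placeholders, not real identifiers.
RESULTS = [
    ("CVE-PLACEHOLDER-1", "variant-a", "cleartext", True),
    ("CVE-PLACEHOLDER-1", "variant-a", "encrypted", True),
    ("CVE-PLACEHOLDER-1", "variant-b", "cleartext", False),
    ("CVE-PLACEHOLDER-1", "variant-b", "encrypted", False),
    ("CVE-PLACEHOLDER-2", "variant-a", "cleartext", True),
    ("CVE-PLACEHOLDER-2", "variant-a", "encrypted", False),
    ("CVE-PLACEHOLDER-3", "variant-a", "cleartext", True),
    ("CVE-PLACEHOLDER-3", "variant-a", "encrypted", True),
]


def block_rates(results):
    """Compute the block rate at three granularities from the same test run."""
    per_cve = defaultdict(list)
    for cve, _variant, _transport, blocked in results:
        per_cve[cve].append(blocked)

    attempts = len(results)
    blocked_attempts = sum(1 for *_rest, blocked in results if blocked)
    n_cves = len(per_cve)
    return {
        # What is on the wire: every exploit attempt counted individually.
        "per_attempt": blocked_attempts / attempts,
        # Lenient CVE counting: a CVE is "covered" if any attempt was blocked.
        "per_cve_any": sum(any(v) for v in per_cve.values()) / n_cves,
        # Strict CVE counting: covered only if every attempt was blocked.
        "per_cve_all": sum(all(v) for v in per_cve.values()) / n_cves,
    }


def missed_attempts(results):
    """List the (CVE, variant, transport) combinations the DUT/SUT let through."""
    return [(c, v, t) for c, v, t, blocked in results if not blocked]


if __name__ == "__main__":
    for name, rate in block_rates(RESULTS).items():
        print(f"{name}: {rate:.3f}")
    for miss in missed_attempts(RESULTS):
        print("missed:", miss)
```

On this constructed data the lenient per-CVE figure reports full coverage while three of the eight attempts on the wire were not blocked, which is why a report needs to state which unit it counts.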