Re: [bmwg] Secdir early review of draft-ietf-bmwg-ngfw-performance-00

"Brian Monkman" <> Mon, 08 July 2019 20:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4C4F11200C3 for <>; Mon, 8 Jul 2019 13:40:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.604
X-Spam-Status: No, score=-0.604 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BU1U1lIJB3Rn for <>; Mon, 8 Jul 2019 13:40:26 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::829]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AAA0F120059 for <>; Mon, 8 Jul 2019 13:40:26 -0700 (PDT)
Received: by with SMTP id h18so11987342qtm.9 for <>; Mon, 08 Jul 2019 13:40:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=yYx/H+KQXBN094jLAtWooUjYvNms58BW9Wn4ycNu/6E=; b=tVOS6Hu46SIyEQOCYmtwS41MhjoYcmZvlxgQxR6VXevGVmIbrAhpcbqQpDMYNoBihJ +lsifjsmfAQlhCphXSsrGh9E57cKp8x9/wqVHHnzLN32BjFEt2IAPrtNYmQ3855ciHQw 1MxvSFuaqtefCFzYEWtGEnPW2FSYtVaBEZczsVXAxqXlQYxjDi7Eab9gOLY4CqHC/4Fm ZVCXbJ9H3AA+Akz764tYYnXr1C4TFR1ha7789Cr2HoKz8nvn8Ojif+c1VAMAO5mGanlz gxvByywWptpZ50dQvXNcWyDNo28Imvicul9wuUb4VjjWqeH7AId71lX5UjGd0vsjFBBd JCnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=yYx/H+KQXBN094jLAtWooUjYvNms58BW9Wn4ycNu/6E=; b=QvNVrDKZChSOL5lrOqRYhc4HXeWbRPtuYSDe0xKwoRA9PeRQLNhXCJQK7cDQvvzFyT vs5fJ4fvSnLxS8GPed5oIAhzlNuxGp2Yng5h5ABrGoRsgS1+Jvdzi03dNkmOCQbWyih9 J2TqpcOD4hwDWIhNibhnIAATtvuuIuAJ0AuLKxRbh6PCd84nFNCqYzZZl9eJzRIqwStv 63UYDKyW92a2BJfONbOlqnH797m5Ny5gLAGTvkG58gfycB3pUwcnBFNInaBpdLiq82a0 WKOxF5CvNsxYDHOePPj1u6sJWrZFnuBzJxUn/zH/xzJSxTXEh/OiyZrLNcDEr5DegfPh yEIw==
X-Gm-Message-State: APjAAAUhxcpBw6k0SCA0biaqojUys/dwyCPqIRLFaAtOkiBAQMlg8lb6 ClYM0m9fVrYtoF+GYo+55Dl/DA==
X-Google-Smtp-Source: APXvYqw5uCLhW8/tTMLp0bwUIAuGihDzQT9P0WQhSPdSz0Y8WdFBWyUqm4REYd/g8JX2A4/I93AUOQ==
X-Received: by 2002:ac8:444c:: with SMTP id m12mr15734751qtn.306.1562618425687; Mon, 08 Jul 2019 13:40:25 -0700 (PDT)
Received: from BrianPC ( []) by with ESMTPSA id p23sm4215810qke.44.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jul 2019 13:40:25 -0700 (PDT)
From: "Brian Monkman" <>
To: "'Kathleen Moriarty'" <>, <>
Cc: <>, <>, <>
References: <>
In-Reply-To: <>
Date: Mon, 8 Jul 2019 16:40:22 -0400
Message-ID: <00b701d535cd$5dd9a490$198cedb0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKALfXAuYNHgZeMPKkOA0rWpRO3s6VrPnQQ
Content-Language: en-ca
Archived-At: <>
Subject: Re: [bmwg] Secdir early review of draft-ietf-bmwg-ngfw-performance-00
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Jul 2019 20:40:36 -0000

Thanks for your feedback Kathleen. I will review it with the team and may get back to you with questions.

Brian Monkman

-----Original Message-----
From: Kathleen Moriarty via Datatracker <> 
Sent: July 8, 2019 4:38 PM
Subject: Secdir early review of draft-ietf-bmwg-ngfw-performance-00

Reviewer: Kathleen Moriarty
Review result: Has Nits

Thank you for your work on draft-ietf-bmwg-ngfw-performance.  This is a straightforward review establishing metrics for comparison of SUT/DUT for firewalls establishing measurement requirements as well as acceptance criteria.
 When crypto is recommended for use in testing, it's current, although it should be noted that this is just for test environments.  In terms of security, I think this document is ready with nits.

Please add a security considerations section.  Feel free to include something like what's above.

Section 4.1: Nit

Spell out Device under test/system under test on first use.  I don't think it comes up that often in the IESG review cycle.  I had to look it up and my memory was jogged.

Sorry for my late 'early' review!