Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance
"MORTON JR., AL" <acmorton@att.com> Thu, 22 July 2021 18:39 UTC
Return-Path: <acmorton@att.com>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A33E53A0D56 for <bmwg@ietfa.amsl.com>; Thu, 22 Jul 2021 11:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.795
X-Spam-Level:
X-Spam-Status: No, score=-1.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_QUOTING=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KxG3bTJs1jZw for <bmwg@ietfa.amsl.com>; Thu, 22 Jul 2021 11:39:30 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A89853A0D49 for <bmwg@ietf.org>; Thu, 22 Jul 2021 11:39:30 -0700 (PDT)
Received: from pps.filterd (m0053301.ppops.net [127.0.0.1]) by mx0a-00191d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 16MIYtxX015799; Thu, 22 Jul 2021 14:39:24 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by mx0a-00191d01.pphosted.com with ESMTP id 39xyccgbp3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Jul 2021 14:39:22 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 16MIdJ7W016691; Thu, 22 Jul 2021 14:39:21 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [135.66.87.50]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 16MIdFrF016496 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 22 Jul 2021 14:39:15 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [127.0.0.1]) by zlp27128.vci.att.com (Service) with ESMTP id 22DFC4068F6A; Thu, 22 Jul 2021 18:39:15 +0000 (GMT)
Received: from MISOUT7MSGEX2BF.ITServices.sbc.com (unknown [135.66.184.187]) by zlp27128.vci.att.com (Service) with ESMTP id CDAF04068F69; Thu, 22 Jul 2021 18:39:14 +0000 (GMT)
Received: from MISOUT7MSGEX2BC.ITServices.sbc.com (135.66.184.200) by MISOUT7MSGEX2BF.ITServices.sbc.com (135.66.184.187) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Thu, 22 Jul 2021 14:39:14 -0400
Received: from MISOUT7MSGETA01.tmg.ad.att.com (144.160.12.221) by MISOUT7MSGEX2BC.ITServices.sbc.com (135.66.184.200) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10 via Frontend Transport; Thu, 22 Jul 2021 14:39:14 -0400
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168) by edgeso1.exch.att.com (144.160.12.221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.10; Thu, 22 Jul 2021 14:39:13 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Mwe7rW0y5FORMtMCQtbZSeXDjUON9QQbuTDqi/7jdfDExaJk3WpNN7itPAZOlxx9qXZ2SiYVArkhVlBZ1VrEfmi/Z18b97bfTK9moW64io0PufzuFxXuPLCZdAat9abGYjSrtHUS6TkMwkBfLOvrlFJvyUMi7pFbW49GwkiMTUk74NuafUue7nvccFdHex3n5T5ffLXFmwRQQhIWmlfeB4Up8FBJHBle4FhGBOFel44iDN/nwM5Zy7zkq/j6WIbViqsbYY6nu2v/W7TQ+H6m6miWZ/lZ25poVgoqhcarYYLd3NlOt6P819lF8LHZPDHIQXWJDjXH24nRsUl7KEqg5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qLlhVMggA4yPps0sl2mKHBKRtbPYiue3iy9YJx6/2EU=; b=GkM9bLHEtVKCZF8HoWv6+dqPLumqb4C9bAgJM8N59Alhuhm8Ynwuxv+LEF2rrgxSPsqe2/tpKklM4244HcjGXKarhiep5wcERczINQb8ZBfH/vZwr1hg2zl3MWvLXzkNYngVozvcMeW90H8ufzM2Gfibu/w8cBr0mfWHWX8Jmk9x9Jv3Cnxd3lvB19dfJYOHX5D1eBsWdd5NGiAHsuLcmwmCL7GVnSo/N0AQoR4372wFs07hBB0a7eceoA9Pcr/GpZ1bul6ytuMvHR1e3lEiG0g5SOW2H3CF4/ig/Z56RvaoGxlGgfEq3TbGGmVFBZg7Fm7jELdoxM5MCpQ8DUUsEQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qLlhVMggA4yPps0sl2mKHBKRtbPYiue3iy9YJx6/2EU=; b=Oq4I3aFV4HoqpIvWVQezG+pHPSJp6imfOBCNj9i3A3iVVYMiK3lolRdnyzw+VcNVghGMKQIDATG/AiJoBu3PuT7LQRERg6BZHISpocwraiBkB1Nob3XMVPMKDu9Ewv8Num42dbP5HbUCUFjvO35e3UUIo40vopfYI/9mHLmAB6I=
Received: from SJ0PR02MB7853.namprd02.prod.outlook.com (2603:10b6:a03:32e::8) by BYAPR02MB4758.namprd02.prod.outlook.com (2603:10b6:a03:4d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.29; Thu, 22 Jul 2021 18:39:10 +0000
Received: from SJ0PR02MB7853.namprd02.prod.outlook.com ([fe80::40d9:d8df:7dfa:3180]) by SJ0PR02MB7853.namprd02.prod.outlook.com ([fe80::40d9:d8df:7dfa:3180%4]) with mapi id 15.20.4352.026; Thu, 22 Jul 2021 18:39:10 +0000
From: "MORTON JR., AL" <acmorton@att.com>
To: "bmonkman@netsecopen.org" <bmonkman@netsecopen.org>, 'Sarah Banks' <sbanks@encrypted.net>
CC: 'Carsten Rossenhoevel' <cross@eantc.de>, "'Jack, Mike'" <Mike.Jack@spirent.com>, "'MORTON, ALFRED C (AL)'" <acm@research.att.com>, "bmwg@ietf.org" <bmwg@ietf.org>, 'Timothy Otto' <totto@juniper.net>, 'Bala Balarajah' <bala@netsecopen.org>
Thread-Topic: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance
Thread-Index: AQHXTbeaOGUmGWbtmESUQ0dgvoKXO6r2c6iAgBnsMwCAGZG0gIAWOoc4gAEjogCAAAQFUIAABRQAgAARbQCAABHzgIAABgKAgAS97YCAAAg6AIAJZpEA
Date: Thu, 22 Jul 2021 18:39:09 +0000
Message-ID: <SJ0PR02MB7853F71A936E525CA6819610D3E49@SJ0PR02MB7853.namprd02.prod.outlook.com>
References: <413e779fd7eb4dd4b3aa8473c171e282@att.com> <f1a2b5c5-ebf2-12ab-b053-b9b2538342ad@hit.bme.hu> <047501d745bb$e22f4ab0$a68de010$@netsecopen.org> <7dc6b282-7f41-bf7c-f09c-65e7ce94b674@hit.bme.hu> <048801d745be$31424b50$93c6e1f0$@netsecopen.org> <84196d5ce7474f9196ab000be64c49fd@att.com> <02629ACE-FDA4-4ACF-9459-825521596B83@encrypted.net> <001201d75266$05979140$10c6b3c0$@netsecopen.org> <059e01d75f7d$a62a4de0$f27ee9a0$@netsecopen.org> <009b01d76c46$8063e5a0$812bb0e0$@netsecopen.org> <770F93CB-A8CC-4420-8C1B-CB7B7A2289FB@encrypted.net> <021f01d77356$7e19a2f0$7a4ce8d0$@netsecopen.org> <D1ED6898-D8C3-4C56-A3D3-221DD16B7300@encrypted.net> <004701d777f5$94844bf0$bd8ce3d0$@netsecopen.org> <SJ0PR02MB7853CAF5D40CBAFA6C3B4154D3149@SJ0PR02MB7853.namprd02.prod.outlook.com> <005201d777fa$2133a100$639ae300$@netsecopen.org> <4e51a7d5-8c59-a4fc-6c65-457ee7655c74@eantc.de> <A0A5D9D5-1D3E-439F-9009-C977BC5EA389@encrypted.net> <00de01d7780e$d2351b50$769f51f0$@netsecopen.org> <43E13361-D7EE-4882-BCF2-6FBAEA0 AAE84@encrypted.net> <01c801d77a71$e64f5190$b2edf4b0$@netsecopen.org>
In-Reply-To: <01c801d77a71$e64f5190$b2edf4b0$@netsecopen.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: netsecopen.org; dkim=none (message not signed) header.d=none;netsecopen.org; dmarc=none action=none header.from=att.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 70cdfcae-1c5e-44e3-5fde-08d94d3ffebd
x-ms-traffictypediagnostic: BYAPR02MB4758:
x-microsoft-antispam-prvs: <BYAPR02MB475834526C561B3F7AC3D665D3E49@BYAPR02MB4758.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: gU7YVlGefxFbtGUJ31lvGjiodz91oGrLpg7tK7QF9ursZJjUU79DFEvweceNVPx1Wgd3/fjjZz1M5GbrAds/vueAy9r4dkIHGn6eJLiPgOm8Ypwu/CnOR1bP6f15RevqLNZAC9PKyZ2I7MtqroqFo3d+1EsyCfUuCH9G3qnY8kyvw/AqaZ77Qljul8mLo7BAmR8SoS2zgz5jDMWeNY5lXVwwNmSzWyfMmNWzPu2aUj7Ti/dRce0OJVBU2rBfsEMYLEfmJK7GBBw9eDMj2upDw1QgHyHamrcfRkE+sFyId9JxSXNoqKQAJ699Mh7Pw06/4edbgtpW8/wBM7OwImK+DpNZfFdLXXHxlrtBgmxgVSBqxv/iu60eR3K9JZ1fwLWUXCC6RVFLzB7u841giCGFrvm/bygfMNzu4uNPX4Kz6pGn4UyAFHlmtUTj5ED3WbXpfEHDcmISOg/zm9hhoZXG1rbsNmyrEwiUSqrcuCz57IfGW0pGjMAy0wjG4lksZ6KbxgGB+x6fCMNfUMYeR8uPXlpBt3IC3UKbxX2swX6ibtrB/wu7ipU9f2DX08l7nlqZTCLQHG58OFutz4SbnPUKszgZeyKZprQsBPsGNJLGrvKk3OGZlhTZyin08+yt4/u9+eos49muigYN2hbsunXyndO5fFzPd2LlM9BW/zJRsX6XQOAA8ln17E4QGdSA7Vg3igglblSMdhAKvRuab5iDld+2c/RHZrzETWsIbMAuvJwnRN58M8obkRXPICVmENda9ZqMx/mEV8K/slNJGShhVUoSoHkdY3NzpH8TG+Uteo4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR02MB7853.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(376002)(346002)(366004)(39860400002)(136003)(76116006)(4326008)(2906002)(82202003)(83380400001)(33656002)(26005)(478600001)(6506007)(30864003)(166002)(66574015)(8676002)(966005)(38100700002)(66556008)(122000001)(66946007)(86362001)(66476007)(186003)(64756008)(316002)(8936002)(66446008)(9686003)(52536014)(5660300002)(71200400001)(53546011)(55016002)(110136005)(54906003)(7696005)(38070700004)(579004)(559001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: sgHhfla0lYUJHcbo37KvTNM7YK3RTpKvOgn+/zgF5TjIPCIL/rKb8rYFaPvBhxz3xaolTsPcWoYG7JaIrs8YX5u9AkUpYd5W7/RPGHeWC0QemLMEsNY2Llp/dusKVUsFSM68IR5kkBfrl1DD2sRcCSJVy8NFE2DGZFZGNSe7f+3GYGKYT8wZYm8/UPwXZrZqEYQz/iTExSUCOFPYMdemdSULFb/rYcmxdw6ULytCCzzIzmW0yy6+hKlxX7wivb1P4s4bMul7lJcujqktqsVp7FazyzBqKcrguyaBhksYphVtMhEYe7M1+blAeP9Y5xqXz7lHobEy3BiBMn+3SUCyROGERjBgubGL3mMrz47JzvEIYdIpJCrsX4+/Khq7aJ2q6ZPkffYqNDfNMiUV0wRzf5BZwDp85kJQWVX9aN5z5gXfVyJESbyWNmzL4rFfzYdRGAdOtRpjTWH55fXS7mvWOlJe2hWMt73wbbUuZ+Yy6WDmASSShkf9ssnFXh84fenakXNc27KyxtaQLbjGdvSyk4YW7VgydhcpgUCepj6ZAedtaHjDscrBPHN6Y2M3KxukHY831AKmXkENzfSeW/4olj8s2Leg0GZzuHiZG0Fpf1aCHlpT3VvFD6et4FA6Aqn98Y1hl87OdmIZFZPmP4yUt/xkDavtyPClp1Da+sRNDvo+VBgrPCULCO4SKkS8QoIaNcLs3GAqEwjGiHRvtGRkGbzLsh9E234Let2Fz7fn4T235wvuLFY2YSkP1+guqK9idxFUxgbslvxgHJUXNvJT5z1WXJYmWPciu0mUDTALgyZ09wjeLaAanD8SakyeR8rbVOHp9CM6MfOAWkyClBTZY6EWQ3D+9k4th6kF4D0gz+dyLExSh08zrRATBP9f4KJZhQhmwMtN7Twvq+4RfqwHk+sZnoxwfn9tbG9Onl+FMC2gRuuM00/ggcEfP7m5KwH3zt6JjrcRUFt83hMALhOzaoEuhEilAk4vKDkBNGLOFqocVyLkwJrs6+xjFxwRymPwqW2kfyd9fGX/rGYOvsHolNAhv9a/SnxEsmTXBJO2wpIughdtKKNWstVOcVoOALchkdFVTZZ2B9QB087rUUcp2sRiqWqtBNl4zdJFvABUfI3rCMMVShzZsBOctewj2G2IcG+ZLmMlQhgmxoaKvrOtUcWJOVh90YploU0P35flS78aCYaI4XEiNxVNqM0gIFX+CSmVkYIu3EdYgBrz6qLydV1AEyzMuaqbNn1guMUgR19TudGan1NYt8kX3daf/EvZJ3sFtAgm7u8iiH2RDzgilWf+gchtQWzCOptmoC7pAOP2VcVmrMdwkahGRYXrwpHN
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_SJ0PR02MB7853F71A936E525CA6819610D3E49SJ0PR02MB7853namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB7853.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 70cdfcae-1c5e-44e3-5fde-08d94d3ffebd
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2021 18:39:10.0085 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 84/i9T4DyFDeKfEoFg3d/48mO7NBVj/Lmy2LUGtmObJXne9B9T7GbsY9SDpbZIvl
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB4758
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: C451FECE010D23C0B22FB2E543F8E6E17D07CF61EDB468D2552BB0BD5E2584D92
X-Proofpoint-GUID: N1AUKBFGf76gRc1-j931-izVnOFSe6qa
X-Proofpoint-ORIG-GUID: N1AUKBFGf76gRc1-j931-izVnOFSe6qa
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-22_12:2021-07-22, 2021-07-22 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 mlxscore=0 phishscore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 clxscore=1015 priorityscore=1501 spamscore=0 malwarescore=0 suspectscore=0 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107220121
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/eZIJupYOpdiSM5_4vQ-EcvV3600>
X-Mailman-Approved-At: Thu, 22 Jul 2021 12:24:42 -0700
Subject: Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2021 18:39:38 -0000
Hi all, I think there might be a way forward for the most recent discussions below, and this might be the most important area to agree since it pertains to the scope (even the title) of the draft/RFC we are working on. Perhaps what we have in this draft is best described as a set of benchmarks that *test specific features* of next-gen firewalls (and some are applicable to IDS, too?). Don’t claim to test all features of *any* device: the scope is the set of features for which benchmarks and methods have been developed. The scope defines what is in the document. If there is a need to add more tests/benchmarks to cover additional features later, another document can take-up that work easily. Something like: This document provides benchmarking terminology and methodology for *several features commonly found in* next-generation network security devices including next-generation firewalls (NGFW), next-generation intrusion detection and prevention systems (NGIDS/NGIPS) and unified threat management (UTM) implementations. The features/benchmarks are < list >. Also, I didn’t get hung-up on the term “Next-Generation” in the doc, because we were just finishing RFC3511 when I joined BMWG and so next-gen had an inherent meaning to me. It might be somewhat awkward to refer to RFC 3511 in the explanation of the “next-generation”, but we clearly mean *modern* devices and using the term “modern” may help. In any case, if we concentrate on the features we benchmark, it matters much less whether these features are part of existing, current, modern, or even next-generation devices. I hope this helps, Al (as your friendly wg co-chair, trying to move the discussion forward productively) From: bmonkman@netsecopen.org <bmonkman@netsecopen.org> Sent: Friday, July 16, 2021 2:39 PM To: 'Sarah Banks' <sbanks@encrypted.net> Cc: 'Carsten Rossenhoevel' <cross@eantc.de>; MORTON JR., AL <acmorton@att.com>; 'Jack, Mike' <Mike.Jack@spirent.com>; 'MORTON, ALFRED C (AL)' <acm@research.att.com>; bmwg@ietf.org; 'Timothy Otto' <totto@juniper.net>; 'Bala Balarajah' <bala@netsecopen.org> Subject: RE: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance I’m confused. You have cited IDS as examples even though we have explicitly stated our that including IDS is out of scope. As we have not *yet* created an updated draft it does confuse things. We felt it would be a waste of time to create a new draft given several of our comments were still open. I suppose since you “can’t propose” anything specific we will have to discuss it during the meeting. Thanks for taking the time to respond. Brian From: Sarah Banks <sbanks@encrypted.net<mailto:sbanks@encrypted.net>> Sent: Friday, July 16, 2021 2:10 PM To: bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org> Cc: Carsten Rossenhoevel <cross@eantc.de<mailto:cross@eantc.de>>; ALFRED MORTON <acmorton@att.com<mailto:acmorton@att.com>>; Jack, Mike <Mike.Jack@spirent.com<mailto:Mike.Jack@spirent.com>>; MORTON, ALFRED C (AL) <acm@research.att.com<mailto:acm@research.att.com>>; bmwg@ietf.org<mailto:bmwg@ietf.org>; Timothy Otto <totto@juniper.net<mailto:totto@juniper.net>>; Bala Balarajah <bala@netsecopen.org<mailto:bala@netsecopen.org>> Subject: Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance Hi Brian, Please see inline. Thanks, Sarah (as a participant) On Jul 13, 2021, at 10:45 AM, <bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org>> <bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org>> wrote: Sarah, I understand your comments. Could you say whether changing the draft to explicitly including only NGFW and NGIPS as the target would impact your follow-on comments. SB// I support the draft as a draft that covers benchmarks that cover specifically NGFW and NGIPS, provided the scope is not open ended to cover the undefined "NG*" and future devices that we haven't invented yet. :) And with respect to your comment regarding the number of test cases, could you tell us what it is you would like to see. I ask because we have had the same test cases enumerated since the initial draft. This is the first time, I believe, that a suggestion has been raised that there are not enough. We think there are. However, I understand you don’t. But it would be helpful to us if you could detail what you think is needed in addition to the test cases currently included. SB// I can certainly understand the frustration with this comment at the late hour. At first, I was focused on "can the NGIDS piece fit into this draft as is?" and "does it cover the general scope of any upcoming NG* device?" - and once I sorted that out and settled on the idea that this draft makes a lot of sense in the NGFW/IPS sense, it occurred to me - if I wanted to benchmark one NGFW versus another, or one IPS versus another, there's a lot more here I'd like to test. The features called out in section 4.2 would certainly be items I'd want to understand when comparing different but like devices. This expectation is set from the very abstract itself - where we write, "This document provides benchmarking terminology and methodology for next-generation network security devices including next-generation firewalls (NGFW), next-generation intrusion detection and prevention systems (NGIDS/NGIPS) and unified threat management (UTM) implementations." It's to these features that I think test cases would meet the stated objective in the abstract. Last, we use a term that is not defined - NG* - and it begs the question, what characterizes a next generation device? Let me use an IDS as the example (I realize the IDS is out of scope now! But it highlights some of the questions) - is it performance (amount of traffic a device can ingest at ingress? the amount of records/meta data/flows/alerts/events it can send out per second?) Does it extend to an architecture? Does it cover a breadth of analyzers/protocols it can perceive and interpret? Would it include a stance on the effectiveness of the detections (positive/false positive hits)? I believe the due diligence on undefined terms here is on the authors, as I'm not sure I understand what's meant by an "NGIPS" - hence the question - and hence the reason I can't propose the text for the authors. Brian From: Sarah Banks <sbanks@encrypted.net<mailto:sbanks@encrypted.net>> Sent: Tuesday, July 13, 2021 1:24 PM To: Carsten Rossenhoevel <cross@eantc.de<mailto:cross@eantc.de>> Cc: bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org>; ALFRED MORTON <acmorton@att.com<mailto:acmorton@att.com>>; MORTON, ALFRED C (AL) <acm@research.att.com<mailto:acm@research.att.com>>; bmwg@ietf.org<mailto:bmwg@ietf.org>; Jack, Mike <Mike.Jack@spirent.com<mailto:Mike.Jack@spirent.com>>; Timothy Otto <totto@juniper.net<mailto:totto@juniper.net>>; Bala Balarajah <bala@netsecopen.org<mailto:bala@netsecopen.org>> Subject: Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance Carsten, While I find some of the comments below a tad offensive, I want to focus in a bit on the draft text itself. For me, the disconnect starts in the Abstract: This document provides benchmarking terminology and methodology for next-generation network security devices including next-generation firewalls (NGFW), next-generation intrusion detection and prevention systems (NGIDS/NGIPS) and unified threat management (UTM) implementations. This document aims to strongly improve the applicability, reproducibility, and transparency of benchmarks and to align the test methodology with today's increasingly complex layer 7 security centric network application use cases. The main areas covered in this document are test terminology, test configuration parameters, and benchmarking methodology for NGFW and NGIDS/NGIPS to start with. I read that and my takeaway is that the draft wants to be the RFC for all next generation security devices. I am willing to accept your assertion that perhaps I don't understand the fundamental concept of what a NG security device is, and in my feedback I asked you to point me at such a definition. What I was gently pointing out is that I'm not sure one exists, and that the text might be best suited to include one. The draft points out required features to be enabled, and I wonder, if I don't have that feature on my device, are you saying I'm not an NG security device? Am I disqualified from such a test? Which leads me to my general concern - I am not supportive of a draft that covers "NG security devices", describes tests for 2 of them, and that's it. We don't know what's next to be invented, so having a blanket device that covers them seems strange to me at best. The abstract itself describes a methodology for testing "unified threat management" implementations, and while the tests to be performed are well described, they're lighter than I'd expect. Further, if I were an NGIPS in a bakeoff, wouldn't I want to test the performance of some of the features from 4.2 to be benchmarked? Do you see what I mean? I realize that this might not be the point of your testing here, but I'm trying to share that were I to come to this draft as written, I might reasonably expect that the draft cover some or all of those features with test cases. Ways forward: I believe a definition of, or pointing to such, of NG <x> is required. While I'm not entirely convinced that the draft actually covers the entire set of features I'd want to test on a NGFW or on an IPS, I'd be supportive of a draft that covered those devices, since test cases for them are called out. I am not supportive of a draft that blanket-covers what's next, and I think we should strongly consider adding more test cases that allow someone to more thoroughly benchmark the NGFW or IPS, as the abstract suggests. Kind regards, Sarah On Jul 13, 2021, at 9:19 AM, Carsten Rossenhoevel <cross@eantc.de<mailto:cross@eantc.de>> wrote: The question is, how much more time will be required to discuss this topic in an IETF meeting (whether regular or interim)? Al (as chair) and Sarah (as contributor), what do you think? Would it fit into the regular BMWG meeting at IETF111 at all anyway? My personal view is that it will take a considerable time to explain the positions and reach consensus, specifically related to the rather fundamental questions about the scope of the next-gen security device industry. Sarah, is it acceptable to kindly ask you to prepare constructive editorial suggestions how to resolve her concerns? The WGLC process has already been delayed by yet another IETF meeting cycle, and I would like to ask for your support to avoid any further unnecessary delays. I would like to remind everyone of RFC 7154<https://urldefense.com/v3/__https:/tools.ietf.org/search/rfc7154__;!!BhdT!344XpUuQ7YIyFQ3UZmSxHG88B5cVP-J29Mgk7T1SDS0ZYCrD8cayPV0W6Qa9$> (IETF Guidelines for Conduct) section 2.4. Best regards, Carsten On 13.07.2021 16:17, bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org> wrote: Thanks for your response Al. Given that the BMWG session is only 9 working days away I doubt very much we will be able to get together as a group on our side and work through the remaining issues. It might be possible to get our response out by the end of next week, but I don't think that will provide enough time for it to be reviewed and a response formulated by the meeting on July 26th. I think it would be preferable to schedule an interim. Brian -----Original Message----- From: MORTON JR., AL <acmorton@att.com><mailto:acmorton@att.com> Sent: Tuesday, July 13, 2021 11:01 AM To: bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org>; 'Sarah Banks' <sbanks@encrypted.net><mailto:sbanks@encrypted.net>; 'MORTON, ALFRED C (AL)' <acm@research.att.com><mailto:acm@research.att.com> Cc: bmwg@ietf.org<mailto:bmwg@ietf.org>; asamonte@fortinet.com<mailto:asamonte@fortinet.com>; amritam.putatunda@keysight.com<mailto:amritam.putatunda@keysight.com>; 'Bala Balarajah' <bala@netsecopen.org><mailto:bala@netsecopen.org>; 'Carsten Rossenhoevel' <cross@eantc.de><mailto:cross@eantc.de>; 'Christopher Brown' <cbrown@iol.unh.edu><mailto:cbrown@iol.unh.edu>; 'Jack, Mike' <Mike.Jack@spirent.com><mailto:Mike.Jack@spirent.com>; 'Ryan Liles (ryliles)' <ryliles@cisco.com><mailto:ryliles@cisco.com>; 'Timothy Carlin' <tjcarlin@iol.unh.edu><mailto:tjcarlin@iol.unh.edu>; 'Timothy Otto' <totto@juniper.net><mailto:totto@juniper.net> Subject: RE: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance Hi Brian, Our next opportunity to discuss this draft and comment resolution is during the BMWG session at IETF-111. Let's try to make that work for everyone. thanks! Al -----Original Message----- From: bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org> <bmonkman@netsecopen.org><mailto:bmonkman@netsecopen.org> Sent: Tuesday, July 13, 2021 10:44 AM To: 'Sarah Banks' <sbanks@encrypted.net><mailto:sbanks@encrypted.net>; 'MORTON, ALFRED C (AL)' <acm@research.att.com><mailto:acm@research.att.com> Cc: bmwg@ietf.org<mailto:bmwg@ietf.org>; asamonte@fortinet.com<mailto:asamonte@fortinet.com>; amritam.putatunda@keysight.com<mailto:amritam.putatunda@keysight.com>; 'Bala Balarajah' <bala@netsecopen.org><mailto:bala@netsecopen.org>; 'Carsten Rossenhoevel' <cross@eantc.de><mailto:cross@eantc.de>; 'Christopher Brown' <cbrown@iol.unh.edu><mailto:cbrown@iol.unh.edu>; 'Jack, Mike' <Mike.Jack@spirent.com><mailto:Mike.Jack@spirent.com>; 'Ryan Liles (ryliles)' <ryliles@cisco.com><mailto:ryliles@cisco.com>; 'Timothy Carlin' <tjcarlin@iol.unh.edu><mailto:tjcarlin@iol.unh.edu>; 'Timothy Otto' <totto@juniper.net><mailto:totto@juniper.net> Subject: RE: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance Looping in the others on my original post. Thanks Sarah, Good to see the issues are being whittled down. Of the remaining five or six issues I doubt we will have a response prior to IETF 111. Al, Could we schedule an interim meetup/call for some time early August? Brian -----Original Message----- From: Sarah Banks <sbanks@encrypted.net><mailto:sbanks@encrypted.net> Sent: Monday, July 12, 2021 5:20 PM To: bmonkman@netsecopen.org<mailto:bmonkman@netsecopen.org> Cc: bmwg@ietf.org<mailto:bmwg@ietf.org> Subject: Re: [bmwg] WGLC on New version of draft-ietf-bmwg-ngfw-performance Hi Brian et al, First, my apologies for the delay, and I very much appreciate your patience. I also appreciate the time and effort that went into the reply to my comments, which can be even more difficult to do as a large group :) Please see inline. Thank you, Sarah (as a participant) Hi Sarah, As I mentioned in the previous message, we will remove reference to IDS from the draft. Given that, none of the IDS related comments/questions are being addressed. SB// Makes sense, thank you. - The draft aims to replace RFC3511, but expands scope past Firewalls, to "next generation security devices". I'm not finding a definition of what a "next generation security device is", nor an exhaustive list of the devices covered in this draft. A list that includes is nice, but IMO not enough to cover what would be benchmarked here - I'd prefer to see a definition and an exhaustive list. [bpm] "We avoid limiting the draft by explicitly adding a list of NG security devices currently available in the market only. In the future, there may be more and more new types of NG security devices that will appear on the market. SB// I think there are 2 types of devices called out; I'm not seeing a definition of what a "NG security device" is, and I'm not comfortable with a draft that has a blanket to encompass what would come later. Who knows what new characteristics would arrive with that new device? I think the scope here is best suited for the devices we know about today and can point to and say we're applying knowledgeable benchmarking tests against. [bpm] This draft includes a list of security features that the security device can have ( RFC 3511 doesn't have such a list). Also, we will describe in the draft that the security devices must be configured ""in-line"" mode. We believe these two points qualifying the definition of next generation security. SB// I strongly disagree. Well, I mean OK, for active inline devices maybe this is OK, but to say that the only way a device can be "NG" is to be active/inline, I disagree with. And if there is, have we gathered all of the items we'd want to actively test for in that case? For example, what about their abilities to handle traffic when a failure occurs? (fail open/closed). What about alerts and detections and the whole federation of tests around positives/false positives/false negatives, etc? I'm onboard with expanding the scope, but then we have to do the devices benchmarking justice, and I feel we're missing a lot here. - What is a NGIPS or NGIDS? If there are standardized definitions pointing to them is fine, otherwise, there's a lot of wiggle room here. [bpm] See above. We are removing NGIDS from the draft. SB// Understood, thank you. - I still have the concern I shared at the last IETF meeting, where here, we're putting active inline security devices in the same category as passive devices. On one hand, I'm not sure I'd lump these three together in the first place; on the other, active inline devices typically include additional functions to allow administrators to control what happens to packets in the case of failure, and I don't see those test cases included here. [bpm] This draft focuses on ""in-line"" mode security devices only. We will describe this in section 4 in more detail. SB// Understood, thank you. [bpm] Additionally, the draft focuses mainly on performance tests. The DUT must be configured in ""fail close"" mode. We will describe this under section 4. Any failure scenarios like ""fail open"" mode is out of scope. SB// OK, but I think an RFC that is going to encompass this device under the "NG security devices" classification is missing out on large portions of what customers will want to test. It'll also beg for another draft to cover them, and then I'm not sure we're serving the industry as well as we could. - Section 4.1 - it reads as if ANY device in the test setup cannot contribute to network latency or throughput issues, including the DUTs - is that what you intended? [bpm] "Our intention is, if the external devices (routers and switches) are used in the test bed, they should not negatively impact DUT/SUT performance. To address this, we added a section ( section 5 ""Test Bed Considerations"") which recommends a pre-test. We can rename this as reference test or baseline test. " SB// Thank you for the clarification. I think there's still a concern there. Who defines what "negative impact" is? You're traversing at least another L2 or L3 step in the network with each bump, which contributes some amount of latency. If they don't serve in control plane decisions and are passively passing data on, then we could consider removing them from the setup and removing the potential skew on results. - Option 1: It'd be nice to see a specific, clean, recommended test bed. There are options for multiple emulated routers. As a tester, I expect to see a specific, proscribed test bed that I should configure and test against. [bpm] The draft describes that Option 1 is the recommended test setup. However. We added emulated routers as optional in option 1. The reason for that: Some type of security devices for some deployment scenarios requires routers between test client/server and the DUT (e.g., NGFW) and some DUT/SUT doesn't need router (e.g. NGIPS ) - Follow on: I'm curious as to the choice of emulated routers here. The previous test suggests you avoid routers and switches in the topo, but then there are emulated ones here. I'm curious as to what advantages you think these bring over the real deal, and why they aren't subject to the same limitations previously described? [bpm] Comparing real router, the emulated router gives more advantages for L7 testing. [bpm] - Emulated router doesn't add latency. Even if it adds delay due to the routing process, the test equipment can report the added latency, or it can consider this for the latency measurement. [bpm] - Emulated routers simply do routing function only. But in a "real" router, we are not sure what else the router is doing with the packets. SB// Maybe I'm missing something here - a device can't perform a function for free, right? Even if it's impact is negligible, it's an impact of some sort. We're saying the emulated router is doing the routing - OK - but I think the same thing applies to the physical router - how do you know what else the emulated router is doing? if the test gear can call out the latency, I'd like to see clarification around how it's doing that and distinguishing the latency introduced by Device A, versus Device B, versus the DUT, etc. [bpm] Your question regarding the need for routers: [bpm] - We avoid impacting the DUT/SUT performance due to ARP or ND process [bpm] - Represent realistic scenario (In the production environment the security devices will not be directly connected with the clients.) [bpm] - Routing (L3 mode) is commonly used in the NG security devices. [bpm] However, in both figures we mentioned that router including emulated router is optional. If there is no need have routing functionality on the test bed (e.g., if we used very small number of clients and server IPs or the DUT operates in Layer 2 mode), it can be ignored. [bpm] Also, we described in Option 1, that the external devices are if there is need to aggregate the interfaces of the tester or DUT. For an example, DUT has 2 Interfaces, but tester need to use it's 4 interfaces to achieve the performance. So here we need switch/router to aggregate tester interface from 4 to 2. - In section 4.1 the text calls out Option 1 as the preferred test bed, which includes L3 routing, but it's not clear why that's needed? [bpm] See above. - The difference between Option 1 and Option 2 is the inclusion of additional physical gear in Option 2 - it's not clear why that's needed, or why the tester can't simply directly connect the test equipment to the DUT and remove extraneous devices from potential influence on results? [bpm] See above. - Section 4.2, the table for NGFW features - I'm not sure what the difference is between RECOMMENDED and OPTIONAL? (I realize that you might be saying that RECOMMENDED is the "must have enabled" features, where as optional is at your discretion, but would suggest that you make that clear) [bpm] The definition for OPTIONAL and RECOMMENDED is described in, and recommended, RFC2119. We already referenced this under the section 2 "Requirements". SB// Thanks! - Proscribing a list of features that have to be enabled for the test, or at least more than 1, feels like a strange choice here - I'd have expected tests cases that either test the specific features one at a time, or suggest several combinations, but that ultimately, we'd tell the tester to document WHICH features were enabled, to make the test cases repeatable? This allows the tester to apply a same set of apples to apples configurations to different vendor gear, and omit the 1 feature that doesn't exist on a different NGFW (for example), but hold a baseline that could be tested. - Table 2: With the assumption that NGIPS/IDS are required to have the features under "recommended", I disagree with this list. For example, some customers break and inspect at the tap/agg layer of the network - in this case, the feed into the NGIDS might be decrypted, and there's no need to enable SSL inspection, for example. [bpm] IDS is being removed. SB// OK...I'm not sure this addresses the feedback though :) A NGFW for sure will do break/inspect as well, right? - Table 3: I disagree that an NGIDS IS REQUIRED to decrypt SSL. This behaviour might be suitable for an NGIPS, but the NGIDS is not a bump on the wire, and often isn't decrypting and re-encrypting the traffic. [bpm] IDS is being removed. SB// See comment above. - Table 3: An NGIDS IMO is still a passive device - it wouldn't be blocking anything, but agree that it might tell you that it happened after the fact. [bpm] IDS is being removed. SB// Thanks! - Table 3: Anti-evasion definition - define "mitigates". [bpm] Not sure why you are asking this as mitigate is not an uncommon term/word. - Table 3: Web-filtering - not a function of an NGIDS. [bpm] IDS is being removed. - Table 3: DLP: Not applicable for an NGIDS. [bpm] IDS is being removed. - Can you expand on "disposition of all flows of traffic are logged" - what's meant here specifically, and why do they have to be logged? (Logging, particularly under high loads, will impact it's own performance marks, and colours output) [bpm] We intentionally recommended enabling logging which will impact the performance. The draft is not aiming to get high performance number with minimal DUT/SUT configuration. In contrast, it aims to get reasonable performance number with realistic DUT configuration. The realistic configuration can vary based on DUT/SUT deployment scenario. [bpm] In most of the DUT/SUT deployment scenarios or customer environments, logging is enabled as default configuration. [bpm] "Disposition of all flows of traffic are logged": means that the DUT/SUT need to log all the traffic at the flow level not each packet. [bpm] We will add more clarification for the meaning of "disposition of all flows of traffic are logged". SB// Thanks! - ACLs wouldn't apply to an IDS because IDS's aren't blocking traffic :) [bpm] IDS is being removed. - It might be helpful to testers to say something like "look, here's one suggested set of ACLs. If you're using them, great, reference that, but otherwise, make note of the ACLs you use, and use the same ones for repeatable testing". [bpm] The draft gives guidance how to choose the ACL rules. We describe here a methodology to create ACL. - 4.3.1.1 The doc proscribes specific MSS values for v4/v6 with no discussion around why they're chosen - that color could be useful to the reader. [bpm] We will add some more clarification that these are the default number used in most of the client operating systems currently. SB// Thanks! - 4.3.1.1 - there's a period on the 3rd to last line "(SYN/ACL, ACK). and" that should be changed. [bpm] Thank you. - 4.3.1.1 - As a tester with long time experience with major test equipment manufacturers, I can't possibly begin to guess which ones of them would conform to this - or even if they'd answer these questions. How helpful is this section to the non test houses? I suggest expansion here, ideally with either covering the scope of what you expect to cover, or hopefully which (open source/generally available) test tools or emulators could be considered for use as examples. [bpm] We extensively discussed with Ixia and Spirent about this section. This section was developed with significant input from these test tools vendors in addition to others. SB// OK, that's really good to know, but there are plenty of us working with and looking for more cost effective options to Ixia and Spirent. :) I think the expansion would be good here. - 4.3.1.3 - Do the emulated web browser attributes really apply to testing the NGIPS? [bpm] Yes, we performed many PoC tests with test tools. Ixia and Spirent confirmed this. - 4.3.2.3 - Do you expect to also leverage TLS 1.3 as a configuration option here? [bpm] Yes - 4.3.4 - I'm surprised to see the requirement that all sessions establish a distinct phase before moving on to the next. You might clarify why this is a requirement, and why staggering them is specifically rejected? [bpm] This draft doesn't describe that all sessions establish a distinct phase before moving on to the next. We will remove the word "distinct" from the 1st paragraph in section 4.3.4. SB// Thanks! [bpm] Unlike Layer 2/3 testing, Layer 7 testing requires several phases in the traffic load profile. The traffic load profile described in the draft is the common profile mostly used for Layer 7 testing. - 5.1 - I like the sentence, but it leaves a world of possibilities open as to how one confirmed that the ancillary switching, or routing functions didn't limit the performance, particularly the virtualized components? [bpm] The sentence says, "Ensure that any ancillary switching or routing functions between the system under test and the test equipment do not limit the performance of the traffic generator." [bpm] Here we discuss the traffic generator performance, and this can be confirmed by doing reference test. [bpm] The section 5 recommends reference test to ensure that the maximum desired traffic generator's performance. Based on the reference test results it can be identified, if the external device added any impact on traffic generator's performance. [bpm] We will add more content in section 5 to provide more details about reference test. SB// Thanks! - 5.3 - this is a nice assertion but again, how do I reasonably make the assertion? [bpm] We will change the word from "Assertion" to "Ensure". Also, we will add more clarity about reference testing. SB// Thanks! - 6.1 - I would suggest that the test report include the configuration of ancillary devices on both client/server side as well [bpm] We believe that adding configuration of the ancillary devices doesn't add more value in the report. Instead of this, we will recommend documenting the configuration of the ancillary devices by doing reference test. We will add this under the section 5 "Test bed consideration". SB// I think including them assists greatly in the repeatability of the testing, for what it's worth. - 6.3 - Nothing on drops anywhere? [bpm] Are you referring to packet drops? If you are, there is no packet loss in stateful traffic. Instead of packet loss, the stateful traffic has retransmissions. - 7.1.3.2 - Where are these numbers coming from? How are you determining the "initial inspected throughput"? Maybe I missed that in the document overall, but it's not clear to me where these KPIs are collected? I suggest this be called out. [bpm] We will add more clarification in the next version. Thank you. SB// Thanks! - 7.1.3.3 - what is a "relevant application traffic mix" profile? [bpm] This is described in section7.1.1 (2nd paragraph). We will add the word "relevant" in the 1st sentence of the 2nd pragraph.so the sentence will be "Based on customer use case, users can choose the relevant application traffic mix for this test. The details about the traffic mix MUST be documented in the report. At least the following traffic mix details MUST be documented and reported together with the test results: SB// A set of example(s) could be helpful. Not required, just helpful. - 7.1.3.4 - where does this monitoring occur? [bpm] The monitoring or measurement must occur in the test equipment. Section 4.3.4 describes this. - 7.1.3.4 - This looks a bit like conformance testing - Why does item (b) require a specific number/threshold? [bpm] These numbers are synonymous with the zero-packet loss criteria for [RFC2544] Throughput and recognize the additional complexity of application layer performance. This was agreed by the IETF BMWG. - 9: Why is the cipher squite recommendation for a real deployment outside the scope of this document? [bpm] Because new cipher suites are frequently developed. Given that the draft will not be easily updated once it is accepted as an RFC we wanted to ensure there was flexibility to use future developed cipher suites. Brian Monkman on behalf of.... Alex Samonte (Fortinet), Amritam Putatunda (Ixia/Keysight), Bala Balarajah (NetSecOPEN), Carsten Rossenhoevel (EANTC), Chris Brown (UNH-IOL), Mike Jack (Spirent), Ryan Liles (Cisco), Tim Carlin (UNH-IOL), Tim Otto (Juniper) -- Carsten Rossenhövel Managing Director, EANTC AG (European Advanced Networking Test Center) Salzufer 14, 10587 Berlin, Germany office +49.30.3180595-21, fax +49.30.3180595-10, mobile +49.177.2505721 cross@eantc.de<mailto:cross@eantc.de>, https://www.eantc.de<https://urldefense.com/v3/__https:/www.eantc.de/__;!!BhdT!344XpUuQ7YIyFQ3UZmSxHG88B5cVP-J29Mgk7T1SDS0ZYCrD8cayPZUV4CZF$> Place of Business/Sitz der Gesellschaft: Berlin, Germany Chairman/Vorsitzender des Aufsichtsrats: Herbert Almus Managing Directors/Vorstand: Carsten Rossenhövel, Gabriele Schrenk Registered: HRB 73694, Amtsgericht Charlottenburg, Berlin, Germany EU VAT No: DE812824025 _______________________________________________ bmwg mailing list bmwg@ietf.org<mailto:bmwg@ietf.org> https://www.ietf.org/mailman/listinfo/bmwg<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/bmwg__;!!BhdT!344XpUuQ7YIyFQ3UZmSxHG88B5cVP-J29Mgk7T1SDS0ZYCrD8cayPT3gep8V$> _______________________________________________ bmwg mailing list bmwg@ietf.org<mailto:bmwg@ietf.org> https://www.ietf.org/mailman/listinfo/bmwg<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/bmwg__;!!BhdT!344XpUuQ7YIyFQ3UZmSxHG88B5cVP-J29Mgk7T1SDS0ZYCrD8cayPT3gep8V$>
- [bmwg] FW: WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… Gabor LENCSE
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… bmonkman
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… Gabor LENCSE
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… bmonkman
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… MORTON JR., AL
- [bmwg] Second part -- Re: FW: WGLC on New version… Gabor LENCSE
- Re: [bmwg] Second part -- Re: FW: WGLC on New ver… bmonkman
- [bmwg] Sequential vs. random -- Re: FW: WGLC on N… Gábor LENCSE
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… MORTON JR., AL
- Re: [bmwg] FW: WGLC on New version of draft-ietf-… bmonkman
- Re: [bmwg] Sequential vs. random -- Re: FW: WGLC … bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Carsten Rossenhoevel
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Carsten Rossenhoevel
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Sarah Banks
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… MORTON JR., AL
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… bmonkman
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Gábor LENCSE
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Carsten Rossenhoevel
- Re: [bmwg] WGLC on New version of draft-ietf-bmwg… Gábor LENCSE