Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-14: (with DISCUSS and COMMENT)
"MORTON JR., AL" <acmorton@att.com> Mon, 24 October 2022 13:38 UTC
Return-Path: <acmorton@att.com>
X-Original-To: bmwg@ietfa.amsl.com
Delivered-To: bmwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90959C14F74A; Mon, 24 Oct 2022 06:38:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fPPsIHOQHv1Y; Mon, 24 Oct 2022 06:38:31 -0700 (PDT)
Received: from mx0b-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5F00C1522B5; Mon, 24 Oct 2022 06:37:40 -0700 (PDT)
Received: from pps.filterd (m0288867.ppops.net [127.0.0.1]) by m0288867.ppops.net-00191d01. (8.17.1.5/8.17.1.5) with ESMTP id 29ODJHjE003887; Mon, 24 Oct 2022 09:37:38 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0288867.ppops.net-00191d01. (PPS) with ESMTPS id 3kccmu5nyt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 24 Oct 2022 09:37:37 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 29ODbaCV016909; Mon, 24 Oct 2022 09:37:37 -0400
Received: from zlp30486.vci.att.com (zlp30486.vci.att.com [135.47.91.177]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 29ODbUG1016730 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 24 Oct 2022 09:37:31 -0400
Received: from zlp30486.vci.att.com (zlp30486.vci.att.com [127.0.0.1]) by zlp30486.vci.att.com (Service) with ESMTP id C0ED34016CA2; Mon, 24 Oct 2022 13:37:30 +0000 (GMT)
Received: from GAALPA1MSGED2CA.ITServices.sbc.com (unknown [135.50.89.132]) by zlp30486.vci.att.com (Service) with ESMTP id 68ECB4016CA1; Mon, 24 Oct 2022 13:37:30 +0000 (GMT)
Received: from GAALPA1MSGEX1CE.ITServices.sbc.com (135.50.89.112) by GAALPA1MSGED2CA.ITServices.sbc.com (135.50.89.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Mon, 24 Oct 2022 09:37:30 -0400
Received: from GAALPA1MSGETA02.tmg.ad.att.com (144.160.249.124) by GAALPA1MSGEX1CE.ITServices.sbc.com (135.50.89.112) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12 via Frontend Transport; Mon, 24 Oct 2022 09:37:30 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.176) by edgeal.exch.att.com (144.160.249.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.12; Mon, 24 Oct 2022 09:37:26 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KL1su6u4cwtJmy9YCG+F+D+t4k9vR2EfJnhd79glN75Y0dD/+2hhezEhDma05xdeXpPHCfbZOyRHBxpX3WbvTIFhz40eQ4M7st/PR6sRKu5YdNa1MtTJrbx0fE83qxRaLZ5Wv4AiyeVGciK2rAH84ET2nD5JzC+shAvwGO+qXPf3hmhQXAF0Sw3XTmN+TxjtU57FOiT5dL5P3jWu3Ipe+DecvOX2Dj7bU02/pP8kNcE0XCTjADxI1HfjqB/ed85DW/L0zGvIGTrxTY5RIIxkh7waeaDSIY2bY8gyB+i5L1Z6WApGRNWo7Ou1arivlqTt9+ZzI/Dhv77Glsn8c1JVdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vYJHg3vc2FvgHF7xC3hC2I6V2fbQQbdXitT86zzm6y4=; b=P+LEjSpkmWAydq14cyabfrl82PjzEbxlk4Odywdz8Jws7iskMwG39YBMhXouHA7kdTMPlYEaRg/sA/j0Bv16e8FJrSxR8DWt6KXFC+FirYEsf5Hu+LoSkuZr88t7dxz6nntiLK69i+wSTA8uSzVnYiUoiGjFufO8mYte8HbALKsqdtPnDmTBWyyNkxNd/GXC23It1X63xpkclG3w0wXvRC0at/SNY2DghXhV4siEgJ1ls6e7fupbN6E7aKdoCNRz8pwQ1lq3fi8S8pMT7KNAGXxXlMO7O2jmr0rpWmLnpma7zYMJQ30ZPUHDCR47Fs59b00Q1sT4d8mDcVTFZElQag==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vYJHg3vc2FvgHF7xC3hC2I6V2fbQQbdXitT86zzm6y4=; b=LtKvoh4tWm4+JpBrIh6Ey1uW+xyjY/NTAvUqA5wVTBhXnQmNIthGoYZG4BNlETcLrtSNOXyItIE7+tKlnReYNIWbqCxaY/iI5NtDDVRNV9pBjqG8Kf9l43RcQ4nLLxeBxc452TDhUg/O04po2p1SPgu5HYWw8Eb/6EVkRKepCWQ=
Received: from CH0PR02MB7980.namprd02.prod.outlook.com (2603:10b6:610:105::17) by CO6PR02MB8740.namprd02.prod.outlook.com (2603:10b6:303:137::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.35; Mon, 24 Oct 2022 13:37:22 +0000
Received: from CH0PR02MB7980.namprd02.prod.outlook.com ([fe80::7298:d034:46f9:41a5]) by CH0PR02MB7980.namprd02.prod.outlook.com ([fe80::7298:d034:46f9:41a5%9]) with mapi id 15.20.5723.033; Mon, 24 Oct 2022 13:37:20 +0000
From: "MORTON JR., AL" <acmorton@att.com>
To: Roman Danyliw <rdd@cert.org>, Bala Balarajah <bm.balarajah@gmail.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-bmwg-ngfw-performance@ietf.org" <draft-ietf-bmwg-ngfw-performance@ietf.org>, "bmwg-chairs@ietf.org" <bmwg-chairs@ietf.org>, "bmwg@ietf.org" <bmwg@ietf.org>, Al Morton <acm@research.att.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-14: (with DISCUSS and COMMENT)
Thread-Index: AQHY5Kdfnk9ebcuwm0qpKNVjusHVfK4a4dQAgAAPqYCAAqA70A==
Date: Mon, 24 Oct 2022 13:37:20 +0000
Message-ID: <CH0PR02MB79803D3BB2AE35E0E21C4084D32E9@CH0PR02MB7980.namprd02.prod.outlook.com>
References: <166568668844.39192.10045972592261938837@ietfa.amsl.com> <CA+7QJZhhdMgJ_eN1J1nKgmYNBAyOHrW2x-HF+_AaxvVQtcL0BQ@mail.gmail.com> <BN2P110MB110761D2C11A9E560BE7739FDC2A9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CA+7QJZhnt9x8veGt_GbLuXjn+kq5rot12YXJoK6Br8ZRNwBbsw@mail.gmail.com> <BN2P110MB110772289D7A7D31C00A549DDC2C9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB110772289D7A7D31C00A549DDC2C9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR02MB7980:EE_|CO6PR02MB8740:EE_
x-ms-office365-filtering-correlation-id: 2bba9685-5e12-4e43-331d-08dab5c4e035
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ld9/deVBn1vduPL7lgw6ekqvKtenROGmtEPRggTqR/OgyNStwtxaeYMC2Ef35wn9W7v/xQ4y8fTWcMlSxmEfbDL04g6CqwliJ7HQPyocl8/xkaVxLhFokiIpVJnnA4KBiCwH5FxUGM4GArN/G513FWpWI2KI6KJ9eB7e2kOsxMFt1ZGTn++IXYz5Ode1fxPo3kioDDCnnb25iDIhCMVf8MOQWkietTy6ygJOaBGyK7W/8eLC3cxu36+DcJv1mJ7Y8QsUnjlQrbJLS7nBNRHzIo537fZ+Qou+ymf153P9XQ+DfQP1tAHDOMWvRUorNkZL8Hv2VgQ/BQqpc1uL98P2KVBXlijXnSbtfn//9Q4yXp3sIZSo7Zr84QF95PiMIIHbVDPZgMn/byB/YAZwvUIrkY2iCPXDI9jnMqqpIQ6CeSifxhPpb496Dc5zkunF34uWWNlPCY4ovOBQs9QIbC8Boy51DB8Ye5fD7EsajQw7S9LH55+IzSoJQX+1JEE/i2A1cyHvxnWMia/Oijl0KAaKgIMBxAy2uvxiVQBApNv4AH35mAgyYdTikUcBfbtvW6hG0a0VdOTtWokBdPxBMdX6Unt7vtgW+PQdSIv4Nps15fdTcZ0RuO/gXEWw5TbVU2PK6nBo4iszkSe0BGGf3FSeFUNyWljHDqs2J7+8W7dLwaaydnauoJNl5lpyrPvIy24tlMhvy4x09+bAZtYEAR4uOk4cNhFiNDSUzeFd+OwDZlBmFOlCUzrIfASGp5QJwFLBg08MnJQobgXEhIN1uewSYA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR02MB7980.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(396003)(366004)(346002)(136003)(376002)(451199015)(2906002)(86362001)(71200400001)(66899015)(478600001)(33656002)(82960400001)(110136005)(66556008)(54906003)(316002)(38100700002)(7696005)(6506007)(122000001)(76116006)(66476007)(8676002)(66946007)(53546011)(64756008)(66446008)(4326008)(38070700005)(8936002)(82202003)(52536014)(9686003)(5660300002)(41300700001)(186003)(55016003)(26005)(83380400001)(559001)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: HMQqetwNAFR+GrsIXlE0dxHkUa1EoN/c/qRNwgCRUUfV9qOf4CLB9FnBn71HFAQ3cxgaLCE6fJs9bKQC8ykCOwDmNzK0KdtWmXPYCMlguPZQMSJUNFgd9j6egbAXUd7EuYNP6w8UD9bPP4xfTEQiJrKO1wi60q/WnYB1/2ficgwCk4f2Nn3ObMZHkilYCMNotQ8KQaAUBTKu4Blkuazo8FbJKFD9UHkCdrSCt5G4aUSRO/Q7agsVgA7sntgFQz/PijULLbB8rsq9qA3ffrDRd/Tn4TvisYYASTWwjroOoXtRu8birBjyfvk5j1+pF2fey75bspnrbUptIh1OyYpfTWf3LTkdWA0I8FzZk/iLdAw3lRlrDO6UE8X6IO/E9dqswNePTf9VQmSCYPKsjWCu40R/UDwe76lCnBfQYPG1FdvX5Y+dUkX6d1fURpyq2Vv9mJ7A6WWpC+LVwLc7AvDgbj6x3flaDiiN/c8ZA25GImGC8VR7TLKpj3sPnhMrPgMMIIlmVH81Joy3GjatwWUSSkiQMJfRHRd2gk/c/maUkHLL6SAHFTIcPzONr0gaE9maM/OowVlWQY3mc0agD0ewTAEvZHb3ahIvD1uGTRqyVHrmjIxD/3sj/ySOXmaSQmy47e06rNV22DfGGkU+c2ll7D3rJq+zHri7b+O3sUZSS9rNB2K/ce/N84upiSOrk3AB5QEdDuMHF7Ou9hq9RQueXQPm5swZhPxs3ffjmQPAQ4TC2/hffe+KY7Jrdy/t7Wzgi0At4YB+1EsfG5E5QpaKHycPi1MlsH1Wde6bUC0Hl2cxUopux95/l2GUeafwml3kx4p6YshKQCbsL+bXtrxubF20WMgisDOegt3zXFbPZbXanDO+BAffXdHwf6mo20jRIgi9uj/DYA/faHl3s9VL6Utep03k+iiEVqOVcy22Azgaw1GdUxueD+WOz4urjuE9E6I187kuinSAMADfR2kyoSu4oCWnlvn+DzGP1U0YjQEaK2g0aIizq7As2ZIfBWPWGhuXGwBIDz+yU/shlnr/wsinDPi7k/I26rlxzqaEKNhRh15IWRTZtJ4MgYcCZC0S1TW5R1tTW80Eb8itrFFcALJDnfaUDqn2RRX7mh+DYSPq7cbYTVvUEgFPqvOulxWcYVqqha6Wk+tm3ER3fYOc8dOnN2A9RlGL//D1TXY0TvgIy18bj7DvgKI9CMc0IPfAZ9TNR1JbRfcp+QXDoxtoZ9SC2P2X58f+6W39PhrRM7LgoL/8ae3Z12TG/bmektI5iyP5LhTnPirgxPd8hikNGQtzUQNwXIQkQW5EUtXbyRQ48pVVe3vF/Wm0vTs99hdssX/nbXbgoG86lP+VrowBr4SiwDF/o/NqlvZFbfs4OPxLZ6kqdFKexhZSqTVH6Npea+7e8hhAxHsZhYYZyDHGShm4Jxer5fkAaplfE96oNQq/yEl7MkWUlaFdggVGHCFGNfLH/BKM9R2GGf7N7D32f+bp+nXenFhHwhGaMI24kNTusBdcapKB75G8T9nkQVtGcRslqhIwKBC41nZCNC0/C8UM2a56/YWuVpQNPFTTLaA=
Content-Type: multipart/alternative; boundary="_000_CH0PR02MB79803D3BB2AE35E0E21C4084D32E9CH0PR02MB7980namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR02MB7980.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2bba9685-5e12-4e43-331d-08dab5c4e035
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Oct 2022 13:37:20.5821 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: +y06b4HrgzMAquPME6VEXiDZasQryw0w4vnI7j917pk2CXOPNr1aT9mwNoi49oWl
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR02MB8740
X-TM-SNTS-SMTP: D2F45D5C7B44E88D1175E8F097E2719378145A8F492E7E28170437F25EDD06C62
X-Proofpoint-GUID: xfj1m31DNW-Ll4ijDPbUEm8Nxli67FXE
X-Proofpoint-ORIG-GUID: xfj1m31DNW-Ll4ijDPbUEm8Nxli67FXE
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-24_04,2022-10-21_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 malwarescore=0 impostorscore=0 mlxscore=0 phishscore=0 lowpriorityscore=0 mlxlogscore=999 adultscore=0 bulkscore=0 priorityscore=1501 suspectscore=0 clxscore=1011 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210240083
Archived-At: <https://mailarchive.ietf.org/arch/msg/bmwg/mdSYTuMNDmhwY-RCcgpa-PTJUMk>
X-Mailman-Approved-At: Mon, 24 Oct 2022 06:40:23 -0700
Subject: Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-14: (with DISCUSS and COMMENT)
X-BeenThere: bmwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Benchmarking Methodology Working Group <bmwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bmwg>, <mailto:bmwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bmwg/>
List-Post: <mailto:bmwg@ietf.org>
List-Help: <mailto:bmwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bmwg>, <mailto:bmwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2022 13:38:37 -0000
Thanks for all your work to clear ballot comments, Bala, Brian, and Carsten! Thanks for your comments/attention to this draft, Roman! Al bmwg-co-chair From: bmwg <bmwg-bounces@ietf.org> On Behalf Of Roman Danyliw Sent: Saturday, October 22, 2022 5:30 PM To: Bala Balarajah <bm.balarajah@gmail.com> Cc: The IESG <iesg@ietf.org>; draft-ietf-bmwg-ngfw-performance@ietf.org; bmwg-chairs@ietf.org; bmwg@ietf.org; Al Morton <acm@research.att.com> Subject: Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-14: (with DISCUSS and COMMENT) Hi Bala! Thanks for updated text in -15. It addresses all of my feedback. I’ve cleared my ballot. Roman From: Bala Balarajah <bm.balarajah@gmail.com<mailto:bm.balarajah@gmail.com>> Sent: Saturday, October 22, 2022 4:34 PM To: Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>> Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; draft-ietf-bmwg-ngfw-performance@ietf.org<mailto:draft-ietf-bmwg-ngfw-performance@ietf.org>; bmwg-chairs@ietf.org<mailto:bmwg-chairs@ietf.org>; bmwg@ietf.org<mailto:bmwg@ietf.org>; Al Morton <acm@research.att.com<mailto:acm@research.att.com>> Subject: Re: Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-14: (with DISCUSS and COMMENT) Hi Roman, Thank you for your recommended text. We have updated Section 3 and also incorporated all your comments into the new version. I have just posted the new version 15. Thanks, Bala Am Do., 20. Okt. 2022 um 19:13 Uhr schrieb Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>>: Hi Bala! From: Bala Balarajah <bm.balarajah@gmail.com<mailto:bm.balarajah@gmail.com>> Sent: Wednesday, October 19, 2022 6:42 PM To: Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>> Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; draft-ietf-bmwg-ngfw-performance@ietf.org<mailto:draft-ietf-bmwg-ngfw-performance@ietf.org>; bmwg-chairs@ietf.org<mailto:bmwg-chairs@ietf.org>; bmwg@ietf.org<mailto:bmwg@ietf.org>; Al Morton <acm@research.att.com<mailto:acm@research.att.com>> Subject: Re: Roman Danyliw's Discuss on draft-ietf-bmwg-ngfw-performance-14: (with DISCUSS and COMMENT) Hi Roman, Thanks for the review. Please see our responses inline below. If you are satisfied with our responses, we will post the new draft version before IETF 115 draft cutoff (Monday, Oct 24th ). ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (Updated Ballot) -- [per -13] Recognizing that NGFW, NGIPS and UTM are not precise product categories, offerings in this space commonly rely on statistical models or AI techniques (e.g., machine learning) to improve detection rates and reduce false positives to realize the capabilities in Table 1 and 2. If even possible, how should these settings be tuned? How should the training period be handled when describing the steps of the test regime (e.g., in Section 4.3.4? Section 7.2.4?) [per -14] Thank for explaining that the training phase would not be included in the threat emulating in your email response. Since the goal of these document is specify reproducible testing, the primary text I was look for was an acknowledgment that the detection performance of some systems may be affected by learning from prior traffic. Any state kept by such systems much be reset between testing runs. [Authors] : Machine Learning and behavioral analysis systems are not included in the scope of this test, as it uses lab-generated traffic for measurement of performance KPIs, and captured/replayed traffic as the body of the security portion of testing. Neither of these environments is conducive to the use of ML or behavioral analysis solutions. We can add the following sentence in the draft, if it gives more clarity: "Machine Learning and behavioral analysis features are not included in the scope of the performance benchmarking test." Thanks. Your proposed text and assessment seem a little bit different. The latter is more of what I expected, these systems are out of scope). The former seems to say something weaker, assessing these features aren’t in scope. My recommendation would be for something a bit stronger on what to do with a this testing regime relative to this class of system appended to the end of Section 3 that combines both the former and latter ideas. Roughly: ==[ snip ]== The performance testing methodology described in this document is not intended for devices that rely on machine learning or behavioral analysis. If such features are present in a device under test, they should be disabled. ==[ snip ]== ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (Updated Ballot) Thanks for the changes made in -13. ** [per -13] Section 3. Per “This document focuses on advanced, …”, what makes a testing method “advanced”? [Authors]: Comparing previous RFCs 2544 and RFC3511, this draft provides a more in-depth test methodology for test parameter definition, test results validation criteria, and test procedures defined in section 7 and its subsections. [Roman] Makes sense. My intent was to suggest that this distinction from RFC2544/3511 being described as advanced was not clear. ** [per -13] Section 4.2. Should the following additional features be noted as a feature of NGFWs and NGIPS (Table 2 and 3 in -14)? -- geolocation or network topology-based classification/filtering (since there is normative text “Geographical location filtering SHOULD be configured.”) [Authors]: We will add the following sentence in the next release: Geographical location filtering SHOULD be configured. If the DUT/SUT is not designed to perform geographical location filtering, it is acceptable to conduct tests without them. However, this MUST be noted in the test report. [Roman] Thanks. ** [per -13/14] Table 2. Is there a Anti-Evasion (listed in Table 3 for NGIPS) are not mentioned here (for NGFW). [Authors]: Anti-Evasion should be included in NGFW in the same manner as NGIPS. We will add this in the next release. [Roman] Thanks. ** [per -13] Section 4.2. Per “Logging SHOULD be enabled.” How does this “SHOULD” align with “logging and reporting” being a RECOMMENDED in Table 1 and 2? [Authors]: According to the security product vendors (the draft contributors), "logging and reporting" is one of the mandatory (MUST) and default features for security devices. For this reason, we removed it from the tables that contain RECOMMENDED and OPTIONAL features only. Therefore, we added the following text below table 3, which applies to both NGFW and NGIPS: “Logging and reporting MUST be enabled." [Roman] The way I was approach it was with the expectation that all of the possible features described in Table 1 were going to be crossed walked with their normative requirements in Table 2 and 3. If the WG prefers to keep it as described, no problem. Thanks for explaining. [per -14] Thanks for the edits here. I think a regression was a regression introduced. Table 3 (NGIPS) used to have “Logging and Reporting” just like Table 2 in -12. [Authors]: There was a mistake. As mentioned above, "Logging and Reporting" will be removed from both tables. We will update this in the next release. [Roman] Thanks. It was the inconsistency that caught me. Thanks, Roman
- [bmwg] Roman Danyliw's Discuss on draft-ietf-bmwg… Roman Danyliw via Datatracker
- Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-… Bala Balarajah
- Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-… Bala Balarajah
- Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [bmwg] Roman Danyliw's Discuss on draft-ietf-… MORTON JR., AL