Re: [secdir] [bmwg] Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07

bhuvaneswaran.vengainathan@veryxtech.com Mon, 29 January 2018 07:26 UTC

From: bhuvaneswaran.vengainathan@veryxtech.com
To: "MORTON, ALFRED C (AL)" <acmorton@att.com>
Cc: "Russ Housley" <housley@vigilsec.com>, "secdir@ietf.org" <secdir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "bmwg@ietf.org" <bmwg@ietf.org>, "draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org" <draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/49GFUdfCaXnL9OZsAHfBfdg7ly4>

Hi Russ,
Thank you for your comments.
I believe adding Al's text helps to address your major concerns.
Regarding your minor concerns and Nits feedback, we will address them and submit the revised drafts.
Best Regards,
Bhuvan

On Sat, Jan 27, 2018 at 05:58 AM, "MORTON, ALFRED C (AL)" wrote:
Hi Russ,

Major Concerns

The tests cover encrypted and unencrypted communications, but nothing
is said about the key management.  I recognize that the tests will be
conducted in the lab, but it would be desirable for the key management
to exercise the same interfaces that will be used in a production
setting.

Encrypted connections with network devices are mentioned in general,
primarily in Section 4.4, as a possibility that may be tested:
https://tools.ietf.org/html/draft-ietf-bmwg-sdn-controller-benchmark-meth-07#section-4.4

It will help if we can iterate on text to satisfy your comment,
such as adding:
4.4. Connection Setup

There may be controller implementations that support unencrypted and
encrypted network connections with Network Devices. Further, the
controller may have backward compatibility with Network Devices
running older versions of southbound protocols. It may be useful to
measure the controller performance with one or more applicable
connection setup methods defined below.
ADD
For cases with encrypted communications between the controller and the 
switch, key management and key exchange MUST take place before
any performance or benchmark measurements.

just trying to clarify what you want to see added,
Al
doc shepherd

-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Friday, January 26, 2018 4:04 PM
To: secdir@ietf.org
Cc: ietf@ietf.org; bmwg@ietf.org; draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org
Subject: Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07

Reviewer: Russ Housley
Review result: Has Issues

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-bmwg-sdn-controller-benchmark-meth-05
Reviewer: Russ Housley
Review Date: 2018-01-26
IETF LC End Date: 2018-02-02
IESG Telechat date: Unknown

Summary: Has (Minor) Issues

Major Concerns

The tests cover encrypted and unencrypted communications, but nothing
is said about the key management.  I recognize that the tests will be
conducted in the lab, but it would be desirable for the key management
to exercise the same interfaces that will be used in a production
setting.

Minor Concerns

Section 1: Please update the first paragraph to reference RFC 8174
in addition to RFC 2119, as follows:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.

RFC 2119 is missing from the normative references.  If you accept the
above suggestion, RFC 8174 needs to be added as well.

Nits

The term "SDN Controller" is not defined in the companion terminology
document, and a definition does not emerge in this document until
Section 2, where it says:

... the SDN controller is a function that manages and
controls Network Devices. ...

I recognize that this is very basic, but it also seems like very
important information for the Introduction.

Similarly, please explain the difference between a "cluster of
homogeneous controllers" and a "federation of controllers."

The indenting in the document shifts in Section 5.  Some lines
other than Section headers are flush with the left margin.
