Re: [secdir] Secdir early review of draft-ietf-bmwg-ngfw-performance-00

"Brian Monkman" <> Mon, 08 July 2019 20:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5F32C120086 for <>; Mon, 8 Jul 2019 13:40:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.604
X-Spam-Status: No, score=-0.604 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v6bkpIXST-D7 for <>; Mon, 8 Jul 2019 13:40:28 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B81DF1202CD for <>; Mon, 8 Jul 2019 13:40:26 -0700 (PDT)
Received: by with SMTP id y26so6843112qto.4 for <>; Mon, 08 Jul 2019 13:40:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=yYx/H+KQXBN094jLAtWooUjYvNms58BW9Wn4ycNu/6E=; b=tVOS6Hu46SIyEQOCYmtwS41MhjoYcmZvlxgQxR6VXevGVmIbrAhpcbqQpDMYNoBihJ +lsifjsmfAQlhCphXSsrGh9E57cKp8x9/wqVHHnzLN32BjFEt2IAPrtNYmQ3855ciHQw 1MxvSFuaqtefCFzYEWtGEnPW2FSYtVaBEZczsVXAxqXlQYxjDi7Eab9gOLY4CqHC/4Fm ZVCXbJ9H3AA+Akz764tYYnXr1C4TFR1ha7789Cr2HoKz8nvn8Ojif+c1VAMAO5mGanlz gxvByywWptpZ50dQvXNcWyDNo28Imvicul9wuUb4VjjWqeH7AId71lX5UjGd0vsjFBBd JCnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=yYx/H+KQXBN094jLAtWooUjYvNms58BW9Wn4ycNu/6E=; b=R7u+GdnOmhkIxWTzOBz8ksNuicEgGqTsp2mGM9duguZmeUpnDcspcINruWzshcCzYK vvL4pyKH1N/Dbjj3+AU3hqT1YVc7EOVTg/U5sht2Jyvwhiw1f5hvf7tpdw1G9IVbTF/U 0xLU9r7KfG3BBqHqi0Nz/++i//s30Xbt2hqwqH70aHRMAr0nn0ZVLqoMmNqsoSLg6E2Y HLrvksKd2s4v0NN3GMWql906XVV5ghf1d24JPL2ioRGj+AK3earF5Dyyxa1AHSjoYXgk SKGctI3SucF1a2BvbLE16jg36xmuz3sVvwdeJ8ZihAL7yC7JpKITEN89PWRelhdYs2ct p12A==
X-Gm-Message-State: APjAAAVRTXRQyWYJQti2UB7LM6zBYxwsczym9NomXBW51qrCwtT3KRFB uMGZiOdIz8ieiR8rkvjKenSosA==
X-Google-Smtp-Source: APXvYqw5uCLhW8/tTMLp0bwUIAuGihDzQT9P0WQhSPdSz0Y8WdFBWyUqm4REYd/g8JX2A4/I93AUOQ==
X-Received: by 2002:ac8:444c:: with SMTP id m12mr15734751qtn.306.1562618425687; Mon, 08 Jul 2019 13:40:25 -0700 (PDT)
Received: from BrianPC ( []) by with ESMTPSA id p23sm4215810qke.44.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jul 2019 13:40:25 -0700 (PDT)
From: Brian Monkman <>
To: 'Kathleen Moriarty' <>,
References: <>
In-Reply-To: <>
Date: Mon, 08 Jul 2019 16:40:22 -0400
Message-ID: <00b701d535cd$5dd9a490$198cedb0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKALfXAuYNHgZeMPKkOA0rWpRO3s6VrPnQQ
Content-Language: en-ca
Archived-At: <>
Subject: Re: [secdir] Secdir early review of draft-ietf-bmwg-ngfw-performance-00
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Jul 2019 20:40:36 -0000

Thanks for your feedback Kathleen. I will review it with the team and may get back to you with questions.

Brian Monkman

-----Original Message-----
From: Kathleen Moriarty via Datatracker <> 
Sent: July 8, 2019 4:38 PM
Subject: Secdir early review of draft-ietf-bmwg-ngfw-performance-00

Reviewer: Kathleen Moriarty
Review result: Has Nits

Thank you for your work on draft-ietf-bmwg-ngfw-performance.  This is a straightforward review establishing metrics for comparison of SUT/DUT for firewalls establishing measurement requirements as well as acceptance criteria.
 When crypto is recommended for use in testing, it's current, although it should be noted that this is just for test environments.  In terms of security, I think this document is ready with nits.

Please add a security considerations section.  Feel free to include something like what's above.

Section 4.1: Nit

Spell out Device under test/system under test on first use.  I don't think it comes up that often in the IESG review cycle.  I had to look it up and my memory was jogged.

Sorry for my late 'early' review!