Re: [secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt

Taylor Yu <tlyu@mit.edu> Thu, 11 May 2017 22:59 UTC

From: Taylor Yu <tlyu@mit.edu>
To: Marius Georgescu <marius.georgescu@rcs-rds.ro>
Cc: Alfred C Morton <acmorton@att.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org" <draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org>
References: <ldvy3u84ez1.fsf@ubuntu-1gb-nyc1-01.localdomain> <4D7F4AD313D3FC43A053B309F97543CF25F96C2C@njmtexg4.research.att.com> <ldvshkg3zed.fsf@ubuntu-1gb-nyc1-01.localdomain> <3AF9B659-1229-43F8-BA74-1B5526277391@rcs-rds.ro>
Date: Thu, 11 May 2017 22:55:19 +0000
In-Reply-To: <3AF9B659-1229-43F8-BA74-1B5526277391@rcs-rds.ro> (Marius Georgescu's message of "Tue, 9 May 2017 11:38:04 +0300")
Message-ID: <ldvefvv3sx4.fsf@ubuntu-1gb-nyc1-01.localdomain>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ETKb-4Nqd-d3R22CLDkRz0ie4vk>

Marius Georgescu <marius.georgescu@rcs-rds.ro> writes:

>> On May 8, 2017, at 4:34 AM, Taylor Yu <tlyu@mit.edu> wrote:

>> I'm sorry, I guess I misinterpreted, then.  Do you mean that the
>> implementations tested in the benchmarking lab should not materially
>> differ from ones intended for production?  As in the tested
>> implementations should have neither stronger nor weaker security
>> properties than their deployed counterparts?  I might be able to suggest
>> improved wording if I understand your intentions correctly.

> Indeed, we meant that the implementations tested in the lab should not
> differ from the ones intended for production.

In that case, what do you think of the following change?

OLD

   Further, benchmarking is performed on a "black-box" basis, relying
   solely on measurements observable external to the DUT/SUT. Special
   capabilities SHOULD NOT exist in the DUT/SUT specifically for
   benchmarking purposes. Any implications for network security arising
   from the DUT/SUT SHOULD be identical in the lab and in production
   networks.

NEW

   Further, benchmarking is performed on a "black-box" basis, relying
   solely on measurements observable external to the DUT.  Special
   capabilities SHOULD NOT exist in the DUT specifically for
   benchmarking purposes.  Testers and implementors SHOULD ensure that
   the DUT has identical security properties to its production version.
   For example, any security hardening or instrumentation present on the
   DUT SHOULD also be present in the production version, and vice versa.

Best regards,
-Taylor