[secdir] Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07

Russ Housley <housley@vigilsec.com> Fri, 26 January 2018 21:04 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E25FC126BFD; Fri, 26 Jan 2018 13:04:15 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Russ Housley <housley@vigilsec.com>
To: <secdir@ietf.org>
Cc: ietf@ietf.org, bmwg@ietf.org, draft-ietf-bmwg-sdn-controller-benchmark-meth.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.70.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151700065585.4373.15947979044552046715@ietfa.amsl.com>
Date: Fri, 26 Jan 2018 13:04:15 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/J8ASxw6mI41CLvfY64HqaY9eNIA>
Subject: [secdir] Secdir last call review of draft-ietf-bmwg-sdn-controller-benchmark-meth-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2018 21:04:16 -0000

Reviewer: Russ Housley
Review result: Has Issues

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-bmwg-sdn-controller-benchmark-meth-05
Reviewer: Russ Housley
Review Date: 2018-01-26
IETF LC End Date: 2018-02-02
IESG Telechat date: Unknown

Summary: Has (Minor) Issues

Major Concerns

The tests cover encrypted and unencrypted communications, but nothing
is said about the key management.  I recognize that the tests will be
conducted in the lab, but it would be desirable for the key management
to exercise the same interfaces that will be used in a production
setting.


Minor Concerns

Section 1: Please update the first paragraph to reference RFC 8174
in addition to RFC 2119, as follows: 

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

RFC 2119 is missing from the normative references.  If you accept the
above suggestion, RFC 8174 needs to be added as well.


Nits

The term "SDN Controller" is not defined in the companion terminology
document, and a definition does not emerge in this document until
Section 2, where it says:

   ... the SDN controller is a function that manages and
   controls Network Devices. ...

I recognize that this is very basic, but it also seems like very
important information for the Introduction.

Similarly, please explain the difference between a "cluster of
homogeneous controllers" and a "federation of controllers."

The indenting in the document shifts in Section 5.  Some lines
other than Section headers are flush with the left margin.