[secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt

Taylor Yu <tlyu@mit.edu> Sun, 07 May 2017 19:57 UTC

From: Taylor Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org
Date: Sun, 07 May 2017 19:57:38 +0000
Message-ID: <ldvy3u84ez1.fsf@ubuntu-1gb-nyc1-01.localdomain>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/J_LeUkVDnEmlQFmzIXkPOzVe6ro>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: Ready with nits

The "SHOULD" in the following sentence doesn't seem like a valid RFC
2119 keyword usage to me.

   "Any implications for network security arising
   from the DUT/SUT SHOULD be identical in the lab and in production
   networks."

Please consider replacing it with lowercase "should".  (I read it as
predicting a correlation between the network security properties of the
DUT in the lab environment and its behavior in a production environment,
not as a guideline for implementors.)

Comments:

I'm not sure if you would consider this to be in scope, but might it be
useful to instrument implementations being benchmarked with runtime
error or anomaly detection?  (This would be in addition to the
uninstrumented "black-box" measurements.)  This could lead to detecting
security-relevant bounds checking or memory management errors induced by
aggressive benchmarking workloads, possibly identifying vulnerabilities
early enough to fix them before they're exploited.

Some kinds of instrumentation could have a substantial performance
impact, so it might be best to start testing well below the limits of
uninstrumented performance of the devices/systems under test.

Editorial:

Section 13 (Security Considerations) uses "SUT" without a prior
expansion.  Presumably it means "System Under Test" or "Software Under
Test"?