[secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt
Taylor Yu <tlyu@mit.edu> Sun, 07 May 2017 19:57 UTC
From: Taylor Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org
Date: Sun, 07 May 2017 19:57:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/J_LeUkVDnEmlQFmzIXkPOzVe6ro>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: Ready with nits

The "SHOULD" in the following sentence doesn't seem like a valid RFC 2119 keyword usage to me.

"Any implications for network security arising from the DUT/SUT SHOULD be identical in the lab and in production networks."

Please consider replacing it with lowercase "should". (I read it as predicting a correlation between the network security properties of the DUT in the lab environment and its behavior in a production environment, not as a guideline for implementors.)

Comments:

I'm not sure if you would consider this to be in scope, but might it be useful to instrument implementations being benchmarked with runtime error or anomaly detection? (This would be in addition to the uninstrumented "black-box" measurements.) This could lead to detecting security-relevant bounds checking or memory management errors induced by aggressive benchmarking workloads, possibly identifying vulnerabilities early enough to fix them before they're exploited. Some kinds of instrumentation could have a substantial performance impact, so it might be best to start testing well below the limits of uninstrumented performance of the devices/systems under test.

Editorial:

Section 13 (Security Considerations) uses "SUT" without a prior expansion. Presumably it means "System Under Test" or "Software Under Test"?