Re: [secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt
Marius Georgescu <marius.georgescu@rcs-rds.ro> Tue, 09 May 2017 08:38 UTC
Return-Path: <marius.georgescu@rcs-rds.ro>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C9A129B41; Tue, 9 May 2017 01:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.002
X-Spam-Level:
X-Spam-Status: No, score=-0.002 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rcs-rds.ro
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aWf7_e6S4VAJ; Tue, 9 May 2017 01:38:10 -0700 (PDT)
Received: from mailproxy3.rcs-rds.ro (mailproxy3.rcs-rds.ro [212.54.120.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2726B129B40; Tue, 9 May 2017 01:38:09 -0700 (PDT)
Received: from [10.172.5.198] (unknown [10.172.5.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailproxy3.rcs-rds.ro (Postfix) with ESMTPSA id 5AF1A1BD5D2; Tue, 9 May 2017 11:38:06 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rcs-rds.ro; s=MailProxy; t=1494319086; bh=1NF1zCXib75HPQZK74ajehi5X+OLFNbQOpQAfQHBCFA=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=O34qxJPKnOZuP90ltWYTscSCt8m8zB9EJwZIBNCNaA1mndLhZsXk/WPELM+BGCLGo MAqSyrEzYPb1vur54ktOVi+uTF/SEXLMdHM5zv8j8b+PELbDP2oGkQVLV92dqL5qCe wOznBMuU1RyF5AMEQuubwFhxxMPBMLnpKld7yvQA=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Marius Georgescu <marius.georgescu@rcs-rds.ro>
In-Reply-To: <ldvshkg3zed.fsf@ubuntu-1gb-nyc1-01.localdomain>
Date: Tue, 09 May 2017 11:38:04 +0300
Cc: Alfred C Morton <acmorton@att.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org" <draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3AF9B659-1229-43F8-BA74-1B5526277391@rcs-rds.ro>
References: <ldvy3u84ez1.fsf@ubuntu-1gb-nyc1-01.localdomain> <4D7F4AD313D3FC43A053B309F97543CF25F96C2C@njmtexg4.research.att.com> <ldvshkg3zed.fsf@ubuntu-1gb-nyc1-01.localdomain>
To: Taylor Yu <tlyu@mit.edu>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YJQ_OF5kAPQ7SWMqsj3TlLJkgMI>
Subject: Re: [secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 08:38:13 -0000
Hello Taylor, Thank you very much for reviewing the document. Please find my comments inline. > On May 8, 2017, at 4:34 AM, Taylor Yu <tlyu@mit.edu> wrote: > > "MORTON, ALFRED C (AL)" <acmorton@att.com> writes: > >> you wrote: >>> Please consider replacing it with lowercase "should". (I read it as >>> predicting a correlation between the network security properties of the >>> DUT in the lab environment and its behavior in a production environment, >>> not as a guideline for implementors.) >> >> This *is* a guideline to implementors, who are part of the intended >> audience. We don't want testers to waste time benchmarking >> implementations that are for the lab-only; it is recommended >> to test the systems intended for production (and such testing >> will be safer in the isolated lab, of course). > > I'm sorry, I guess I misinterpreted, then. Do you mean that the > implementations tested in the benchmarking lab should not materially > differ from ones intended for production? As in the tested > implementations should be have neither stronger nor weaker security > properties than their deployed counterparts? I might be able to suggest > improved wording if I understand your intentions correctly. Indeed, we meant that the implementations tested in the lab should not differ from the ones intended for production. > >> Also, if implementations have run-time error instrumentation, >> so be it, but collecting this info is normally beyond the scope >> of the blackbox lab texting of external phenomena. > > I think there is an opportunity here to use instrumented versions of > implementations to detect security-relevant errors and anomalies as they > operate near their performance limits. I also concede that sort of work > might be outside the scope of this document. (I can envision a related > document that would cover such security-related topics.) This sounds like an interesting benchmarking subject. However, I think it's outside the scope of this document and should remain that way. Maybe a specific document dedicated to this subject is a better idea. Best regards, Marius
- [secdir] secdir last call review of draft-ietf-bm… Taylor Yu
- Re: [secdir] secdir last call review of draft-iet… MORTON, ALFRED C (AL)
- Re: [secdir] secdir last call review of draft-iet… Taylor Yu
- Re: [secdir] secdir last call review of draft-iet… Marius Georgescu
- Re: [secdir] secdir last call review of draft-iet… Taylor Yu
- Re: [secdir] secdir last call review of draft-iet… MORTON, ALFRED C (AL)
- Re: [secdir] secdir last call review of draft-iet… Marius Georgescu