[secdir] Secdir telechat review of draft-ietf-bmwg-b2b-frame-03

Mališa Vučinić via Datatracker <noreply@ietf.org> Tue, 15 December 2020 11:29 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E102B3A0FBA; Tue, 15 Dec 2020 03:29:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?b?TWFsacWhYSBWdcSNaW5pxIcgdmlhIERhdGF0cmFja2Vy?= <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: last-call@ietf.org, draft-ietf-bmwg-b2b-frame.all@ietf.org, bmwg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.23.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <160803178079.7403.9358014699248845740@ietfa.amsl.com>
Reply-To: =?utf-8?b?TWFsacWhYSBWdcSNaW5pxIc=?= <malisa.vucinic@inria.fr>
Date: Tue, 15 Dec 2020 03:29:40 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Z6lkGj9DlggPSHOQ0KZUVyxBbLM>
Subject: [secdir] Secdir telechat review of draft-ietf-bmwg-b2b-frame-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 11:29:41 -0000

Reviewer: Mališa Vučinić
Review result: Ready

I reviewed this document as part of the Security Directorate's ongoing effort
to review all IETF documents being processed by the IESG. These comments were
written primarily for the benefit of the Security Area Directors. Document
authors, document editors, and WG chairs should treat these comments just like
any other IETF Last Call comments.

Thank you for this well-written document, it was a pleasure to read and I think
it is ready to proceed. Since the document updates RFC2544 benchmarking
procedure for estimating the buffer time of a Device Under Test (DUT), it does
not raise any security issues. Security Considerations section is quite clear
and it stresses that these tests are performed in a lab environment.

I do have a question regarding the last paragraph of the Security
Considerations on special capabilities of DUTs for benchmarking purposes.
Currently, the sentence reads: "Special capabilities SHOULD NOT exist in the
DUT/SUT specifically for benchmarking purposes." Why is this a SHOULD NOT and
not a MUST NOT? Could you give an example when such special capabilities in a
DUT are appropriate?