IETF Logo Mail Archive

Re: [secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt

Taylor Yu <tlyu@mit.edu> Mon, 08 May 2017 01:34 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ED18128A32; Sun, 7 May 2017 18:34:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.303
X-Spam-Level:
X-Spam-Status: No, score=-2.303 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fUCPfAIQ5wAJ; Sun, 7 May 2017 18:34:07 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82DC2127333; Sun, 7 May 2017 18:34:07 -0700 (PDT)
X-AuditID: 1209190f-ce9ff70000004ab2-3d-590fcb0d2fe0
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id E3.32.19122.D0BCF095; Sun, 7 May 2017 21:34:06 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id v481Y4Lo020873; Sun, 7 May 2017 21:34:05 -0400
Received: from localhost (nyc-02.triskelion.com [162.243.175.178]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v481Y2oP020669; Sun, 7 May 2017 21:34:03 -0400
From: Taylor Yu <tlyu@mit.edu>
To: "MORTON, ALFRED C (AL)" <acmorton@att.com>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org" <draft-ietf-bmwg-ipv6-tran-tech-benchmarking.all@ietf.org>
References: <ldvy3u84ez1.fsf@ubuntu-1gb-nyc1-01.localdomain> <4D7F4AD313D3FC43A053B309F97543CF25F96C2C@njmtexg4.research.att.com>
Date: Mon, 08 May 2017 01:34:02 +0000
In-Reply-To: <4D7F4AD313D3FC43A053B309F97543CF25F96C2C@njmtexg4.research.att.com> (ALFRED C. MORTON's message of "Sun, 7 May 2017 20:41:52 +0000")
Message-ID: <ldvshkg3zed.fsf@ubuntu-1gb-nyc1-01.localdomain>
Lines: 30
MIME-Version: 1.0
Content-Type: text/plain
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrPIsWRmVeSWpSXmKPExsUixG6nost3mj/S4G2PiMXWYxMZLX7Mmcpi MePPRGaLDwsfsjiweLzsn8PosWTJT6YApigum5TUnMyy1CJ9uwSujEObDjIV7OKp6Jk/m62B cQZXFyMnh4SAicSkfRPZuhi5OIQEFjNJ/N41jQnC2cAo8XD/YRYI5yujxKK989m7GDk42ATk JC7fCgbpFhEwlJg18QILiM0scJpRYv81KRBbWCBKYtmVTVBTmxklHu/vYwTpZRFQlTj42xgk zikwhVFi2a1WVpAGXgEbiY+Lv7GB2DwCnBKPzl5mgogLSpyc+QRqgYTEwRcvmCcw8s9CkpqF JLWAkWkVo2xKbpVubmJmTnFqsm5xcmJeXmqRrolebmaJXmpK6SZGUDhySvLvYJzT4H2IUYCD UYmHN6GYP1KINbGsuDL3EKMkB5OSKO+h+UAhvqT8lMqMxOKM+KLSnNTiQ4wSHMxKIrznjwLl eFMSK6tSi/JhUtIcLErivOIajRFCAumJJanZqakFqUUwWRkODiUJ3kkngRoFi1LTUyvSMnNK ENJMHJwgw3mAhj8DqeEtLkjMLc5Mh8ifYlSUEudddQIoIQCSyCjNg+sFpYtFn9dvesUoDvSK MG8iSDsPMNXAdb8CGswENDhalAdkcEkiQkqqgbFx97Gj9U/sJglt+HxKvMlU86vkovxl7rsX pvK7tjnd/tvFt/Sy29xoll49piUuL2XVNlu0cv8NZFv86N5sg4s+X6rvtK6ZHSi/hEu0wLoj bIf1qhcLH88Ner1lYdQz276oN86rCwyaJiSwGDOt2x8RxrBOYgnTtpLZIo4vT+X6PUyc0b2p qF6JpTgj0VCLuag4EQDkwtPx8gIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ox7wsrCIQsK_rDaVrB8Jr4Qz67Q>
Subject: Re: [secdir] secdir last call review of draft-ietf-bmwg-ipv6-tran-tech-benchmarking-07.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2017 01:34:09 -0000

"MORTON, ALFRED C (AL)" <acmorton@att.com> writes:

> you wrote:
>> Please consider replacing it with lowercase "should".  (I read it as
>> predicting a correlation between the network security properties of the
>> DUT in the lab environment and its behavior in a production environment,
>> not as a guideline for implementors.)
>
> This *is* a guideline to implementors, who are part of the intended
> audience. We don't want testers to waste time benchmarking 
> implementations that are for the lab-only; it is recommended
> to test the systems intended for production (and such testing
> will be safer in the isolated lab, of course).

I'm sorry, I guess I misinterpreted, then.  Do you mean that the
implementations tested in the benchmarking lab should not materially
differ from ones intended for production?  As in the tested
implementations should be have neither stronger nor weaker security
properties than their deployed counterparts?  I might be able to suggest
improved wording if I understand your intentions correctly.

> Also, if implementations have run-time error instrumentation,
> so be it, but collecting this info is normally beyond the scope
> of the blackbox lab texting of external phenomena.

I think there is an opportunity here to use instrumented versions of
implementations to detect security-relevant errors and anomalies as they
operate near their performance limits.  I also concede that sort of work
might be outside the scope of this document.  (I can envision a related
document that would cover such security-related topics.)

v2.23.0 | Report a Bug | By Email