Telechat Review of draft-ietf-bmwg-b2b-frame-03
review-ietf-bmwg-b2b-frame-03-secdir-telechat-vucinic-2020-12-15-00

Request Review of draft-ietf-bmwg-b2b-frame
Requested revision No specific revision (document currently at 04)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2020-12-15
Requested 2020-11-19
Authors Al Morton
I-D last updated 2020-12-15
Completed reviews Secdir Telechat review of -03 by Mališa Vučinić (diff)
Tsvart Last Call review of -03 by David L. Black (diff)
Assignment Reviewer Mališa Vučinić
State Completed
Request Telechat review on draft-ietf-bmwg-b2b-frame by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/Z6lkGj9DlggPSHOQ0KZUVyxBbLM
Reviewed revision 03 (document currently at 04)
Result Ready
Completed 2020-12-15
review-ietf-bmwg-b2b-frame-03-secdir-telechat-vucinic-2020-12-15-00
I reviewed this document as part of the Security Directorate's ongoing effort
to review all IETF documents being processed by the IESG. These comments were
written primarily for the benefit of the Security Area Directors. Document
authors, document editors, and WG chairs should treat these comments just like
any other IETF Last Call comments.

Thank you for this well-written document, it was a pleasure to read and I think
it is ready to proceed. Since the document updates RFC2544 benchmarking
procedure for estimating the buffer time of a Device Under Test (DUT), it does
not raise any security issues. Security Considerations section is quite clear
and it stresses that these tests are performed in a lab environment.

I do have a question regarding the last paragraph of the Security
Considerations on special capabilities of DUTs for benchmarking purposes.
Currently, the sentence reads: "Special capabilities SHOULD NOT exist in the
DUT/SUT specifically for benchmarking purposes." Why is this a SHOULD NOT and
not a MUST NOT? Could you give an example when such special capabilities in a
DUT are appropriate?