Hi Alex,

As long as there aren't any requirements for specific error messages (like 
resource exceeded) that you want to use if the requests cannot be fulfilled, I 
think that might be ok; obviously the concern may be security related but also 
simply related to resource constraints - an authorized system could ask for a 
comparison that the device simply couldn't complete. That gets lost in the 
security section.

BR,
Tim

From: Alexander Clemm <a...@futurewei.com>
Sent: Wednesday, July 17, 2019 1:38 PM
To: Carey, Timothy (Nokia - US) <timothy.ca...@nokia.com>; netmod@ietf.org
Subject: RE: Performance considerations for draft-ietf-netmod-nmda-diff

Hi Tim,

this aspect is currently mentioned in the security considerations, specifically 
the last paragraph 
(https://tools.ietf.org/html/draft-ietf-netmod-nmda-diff-02#page-14), 
mentioning the fact that comparing datastores for differences requires a 
certain amount of processing resources, which could be leveraged by an attacker 
to consume resources via illegitimate requests, and outlining mitigations 
(ranging from NACM, to limiting the number of requests per time interval and 
reserving the option to reject a request). Do you think this is sufficient? 
Adding a separate performance considerations section is of course possible but 
would be somewhat redundant.

--- Alex

From: netmod <netmod-boun...@ietf.org> On Behalf Of Carey, Timothy (Nokia - US)
Sent: Wednesday, July 17, 2019 5:50 AM
To: netmod@ietf.org
Subject: [netmod] Performance considerations for draft-ietf-netmod-nmda-diff

Hi,

In reviewing the NMDA differences draft, a comment was made that we need to be 
careful about the resource requirements placed on the target elements in order 
to perform the comparison.
In some situations the datastores can be quite large and the compute 
capabilities (CPU, memory) somewhat constrained. Should we add a performance 
consideration section in this draft with maybe how we would expect a server to 
respond if the requirements of the request or the associated response exceed 
the "current" capabilities of the target?

BR,
Tim
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
