Hi Tim, this aspect is currently mentioned in the security considerations, specifically the last paragraph (https://tools.ietf.org/html/draft-ietf-netmod-nmda-diff-02#page-14), mentioning the fact that comparing datastores for differences requires a certain amount of processing resources, which could be leveraged by an attacker to consume resources via illegitimate requests, and outlining mitigations (ranging from NACM, to limiting the number of requests per time interval and reserving the option to reject a request). Do you think this is sufficient? Adding a separate performance considerations section is of course possible but would be somewhat redundant.
--- Alex From: netmod <netmod-boun...@ietf.org> On Behalf Of Carey, Timothy (Nokia - US) Sent: Wednesday, July 17, 2019 5:50 AM To: netmod@ietf.org Subject: [netmod] Performance considerations for draft-ietf-netmod-nmda-diff Hi, In reviewing the NMDA differences draft, a comment was made that we need to be careful resources requirements placed on the target elements in order to perform the comparison. In some situations the datastores can be quite large and the compute capabilities (CPU, memory) somewhat constrained. Should we add a performance consideration section in this draft with maybe how we would expect a server to respond if the requirements of the request or the associated response exceed the "current" capabilities of the target? BR, Tim
_______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod