I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments. Document: draft-ietf-bmwg-sdn-controller-benchmark-meth-05 Reviewer: Russ Housley Review Date: 2018-01-26 IETF LC End Date: 2018-02-02 IESG Telechat date: Unknown Summary: Has (Minor) Issues Major Concerns The tests cover encrypted and unencrypted communications, but nothing is said about the key management. I recognize that the tests will be conducted in the lab, but it would be desirable for the key management to exercise the same interfaces that will be used in a production setting. Minor Concerns Section 1: Please update the first paragraph to reference RFC 8174 in addition to RFC 2119, as follows: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. RFC 2119 is missing from the normative references. If you accept the above suggestion, RFC 8174 needs to be added as well. Nits The term "SDN Controller" is not defined in the companion terminology document, and a definition does not emerge in this document until Section 2, where it says: ... the SDN controller is a function that manages and controls Network Devices. ... I recognize that this is very basic, but it also seems like very important information for the Introduction. Similarly, please explain the difference between a "cluster of homogeneous controllers" and a "federation of controllers." The indenting in the document shifts in Section 5. Some lines other than Section headers are flush with the left margin.