Open mglt opened 6 years ago
Unless I misunderstand the comment, I think we agree as stated in the text below: """ If the rogue device is in charge of the securing the Geneve packet, then Geneve security mechanisms are not intended to address this threat. """
However, maybe we could state this as: these nodes are able to interfere with Geneve, and what makes them different - and out of scope of a Geneve security mechanism - is that they are tunnel endpoints. In other words, if they are attacking another NVE-NVE communication they become in scope. Do you want to propose some text?