mglt / draft-mglt-nvo3-geneve-security-requirements


risk analysis for each environment #4

Open mglt opened 6 years ago

mglt commented 6 years ago

Section 2: Not all data center environments have all the risks/threats highlighted in this document. In certain data center environments operated by a cloud provider or a private enterprise, certain risks highlighted in this document may not be applicable. Hence one or more of the requirements identified in this document may not be applicable to those use cases, and the data center operator may do a risk assessment and choose to deploy solutions with a subset of the requirements that are relevant for their application(s). So the document should make this clear upfront in section 2. So provide examples outlining the type of risk and illustrate which requirement is applicable to such a scenario.

mglt commented 6 years ago

If I understand correctly, the comment says that section 2 should state that deployments have different threats and risks, so a specific deployment may only consider a subset of the requirements.

I believe the current document agrees with that statement and already provides the text below in section 2. If that does not address the concerns, please let us know how to update the text below.

""" The document provides two sets of security requirements:

  1. SEC-OP: requirements to evaluate a given deployment of Geneve overlay. Such requirements are intended for the Geneve overlay provider to evaluate a given deployment. Security of the Geneve packet may be achieved using various mechanisms. Typically, some deployments may use a limited subset of the capabilities provided by Geneve and rely on specific assumptions. Given these specificities, the secure deployment of a given Geneve deployment may be achieved reusing specific mechanisms such as, for example, DTLS [RFC6347] or IPsec [RFC4301]. """