Open mglt opened 6 years ago
The sentence has an issue so it needs to be addressed anyway. The intention of the text is to position the two documents. This has been asked by the WG that we compare/position the two documents. In addition, nvo3-security-requirements is a valid document and we expect the reader to have a look at it.
For your second suggestion, I am reading the texts as equivalent, and here is what I propose. I suppose this addresses the concern.
OLD: Attacks from compromised NVO3 and underlay network devices, and attacks from compromised tenant systems defined in [I-D.ietf-nvo3-security-requirements]. This document considers these attacks in the scope of Geneve, that is when the attackers knowing the details of the Geneve packets can perform their attacks by changing fields in the Geneve tunnel header, base header, Geneve options and Geneve inner payload. The scope of Geneve excludes security requirements related to the control plane.
NEW: This section considers attacks performed by NVE, network devices or any other devices using Geneve, that is when the attackers knowing the details of the Geneve packets can perform their attacks by changing fields in the Geneve tunnel header, base header, Geneve options and Geneve inner payload. Attacks related to the control plane are outside the scope of this document. The reader is encouraged to read [I-D.ietf-nvo3-security-requirements] for a similar threat analysis of NVO3 overlay networks.
Section 4: Suggest to make this document self-contained, we don’t know the status of the other document. Just we can state that “securing control plane is not in scope of this document”.