mglt / draft-mglt-nvo3-geneve-security-requirements

rogue generic statement #8

Open mglt opened 5 years ago

mglt commented 5 years ago

Section 4.1 - paragraph beginning with “Avoiding” – this is a very generic statement and imposes a requirement that is not needed (“..typically making leaked data unusable..”). Also please identify which is the rogue element described in this paragraph. For example, is this an NVE or a forwarding element in the underlay?

mglt commented 5 years ago

I believe the text has been read as a security requirement, which is not the case. I propose the following change:

OLD: Avoiding leaking information is hard to enforced and the security requirements expect to mitigate such attacks by lowering the consequences, typically making leaked data unusable to an attacker..

NEW: Avoiding leaking information is hard to enforced. The security requirements provided in section {{sniffing} expect to mitigate such attacks by lowering the consequences, typically making leaked data unusable to an attacker.

The nature of the rogue element is described in section 4 with the text provided in section 5. I believe this addresses this concern.

Note that whether the rogue element is an NVE, a forwarding element, or a TS does not really matter. What matters is its ability to interfere with the Geneve overlay. Of course some elements have more capabilities than others. I will add some text along those lines.

Do you think we should add such a consideration?