Open mglt opened 5 years ago
The rogue elements are defined in section 4 - see concern 5.
The remainder of the comment seems to say that injecting traffic to a TS requires the rogue element to be NVE and the TS. This is not what we are trying to say.
Section 4.2 describes active attacks and mentions that injection attacks can target TS or the overlay. Active attacks targeting TS inject packets into the TS traffic. The document considers an attacker injecting packets to the TS by crafting Geneve packets. How the TS are connected to the NVE does not change anything.
Section 4.2 is structured as follows:
To clarify, I propose the following changes. I believe this addresses the concern.
OLD: Active attacks involve modifying packets, injecting packets, or interfering with packet delivery (such as by corrupting packet checksum). Active attack may target the Tenant System or the Geneve overlay.
NEW: Active attacks involve modifying Geneve packets, injecting Geneve packets, or interfering with Geneve packet delivery (such as by corrupting packet checksum). Active attack may target the Tenant System or the Geneve overlay.