Hi, Melinda If the underlying network is trusted, it is believed that it will do no harm to the other components in the same trust zone. If it is untrusted, it may endanger other components in the different trust zone. We should consider potential security risks in the untrusted case.
"trusted" can be established by phsical security or some other security mechanisms, e.g. IPsec VPN. ----------- Yinxing Wei Melinda Shore <[email protected]> 发件人: [email protected] 2012/07/11 12:29 收件人 [email protected] 抄送 主题 Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft) On 7/10/12 7:52 PM, Larry Kreeger (kreeger) wrote: > Yinxing, > > I would argue that inside of a data center the underlying network is > also trusted. I don't know what "underlying network" means in this context - do you mean that the outer headers on the VPN are "trusted" but the inner headers are not? I'd also think pretty hard about what it means to be "trusted" - do you think that security mechanisms aren't required at the layer you've decided to trust? Melinda _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
