On Tue, Jun 16, 2015 at 10:34 AM, Sam Hartman <[email protected]> wrote:
>
> So, NVO3 is supposed to provide isolation for a TS.
> TSes aren't really trusted as I understand it.
>
> However, we'd like to provide the ability to secure some parts of the
> system against compromises that affect more than just a TS. In
> particular, we'd like to prevent a compromise of one node in the
> virtualization environment from giving you a network-wide compromise.
> You will doubtless be able to affect everything going through/hosted on
> that node, but this shouldn't imply a compromise of the mapping layers
> or data center.
Understood, but the document says (Section 4):

".. attacks are classified .. into three categories: the attacks from compromised NVO3 devices (inside attacks), the attacks from compromised tenant systems, and the attacks from underlying networks (outside attacks)."

Seems like a compromised TS is also an inside attacker (and vice versa?), so the protection measures for both of these should always be the same? If they are not always the same, it might help to have the doc explain when they would be different, and what differences to take into account, when coming up with the security protections.

--Sowmini

_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
