Aller au contenu principal

4. Security Considerations

This page preserves the original RFC text for the section and adds navigation metadata for the documentation site.

Original RFC Text

4.  Security Considerations

This document introduces finer-grained flow identification mechanisms
for DLEP. These mechanisms expose vulnerabilities similar to
existing DLEP messages. An example of a threat to which traffic
classification might be susceptible is where a malicious actor
masquerading as a DLEP peer could inject an alternate Traffic
Classification Data Item, changing the mapping of traffic to queues;
this would in turn cause delay, congestion, or loss in one or more
service classes. Other possible threats are discussed in the
Security Considerations section of [RFC8175] and are also applicable,
but not specific, to traffic classification.

The transport-layer security mechanisms documented in [RFC8175],
along with the latest versions of [BCP195], [IEEE-802.1AE], and
[IEEE-802.1X] at the time of this writing, can be applied to this
document. Implementations following the "networked deployment" model
described in Section 4 ("Implementation Scenarios") of [RFC8175]
SHOULD refer to [BCP195] for additional details. The Layer 2
security mechanisms documented in [RFC8175] can also, with some
updates, be applied to the mechanisms defined in this document.
Examples of technologies that can be deployed to secure the Layer 2
link include [IEEE-802.1AE] and [IEEE-802.1X].