4. Security Considerations
This page preserves the original RFC text for the section and adds navigation metadata for the documentation site.
Original RFC Text
4. Security Considerations
This document introduces finer-grained flow identification mechanisms
for DLEP. These mechanisms expose vulnerabilities similar to
existing DLEP messages. An example of a threat to which traffic
classification might be susceptible is where a malicious actor
masquerading as a DLEP peer could inject an alternate Traffic
Classification Data Item, changing the mapping of traffic to queues;
this would in turn cause delay, congestion, or loss in one or more
service classes. Other possible threats are discussed in the
Security Considerations section of [RFC8175] and are also applicable,
but not specific, to traffic classification.
The transport-layer security mechanisms documented in [RFC8175],
along with the latest versions of [BCP195], [IEEE-802.1AE], and
[IEEE-802.1X] at the time of this writing, can be applied to this
document. Implementations following the "networked deployment" model
described in Section 4 ("Implementation Scenarios") of [RFC8175]
SHOULD refer to [BCP195] for additional details. The Layer 2
security mechanisms documented in [RFC8175] can also, with some
updates, be applied to the mechanisms defined in this document.
Examples of technologies that can be deployed to secure the Layer 2
link include [IEEE-802.1AE] and [IEEE-802.1X].