Re: [Last-Call] [nfsv4] Secdir last call review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data-06

Hello Yaron-

The Security Considerations section now reads as follows:

6.  Security Considerations

   The reader is directed to the Security Considerations section of
   [RFC8166] for background and further discussion.

   The RPC-over-RDMA version 1 protocol framework depends on the
   semantics of the Reliable Connected (RC) queue pair (QP) type, as
   defined in Section 9.7.7 of [IBA].  The integrity of CM Private Data
   and the authenticity of its source are ensured by the exclusive use
   of RC queue pairs.  Any attempt to interfere with or hijack data in
   transit on an RC connection results in the RDMA provider terminating
   the connection.

   Additional analysis of RDMA transport security appears in the
   Security Considerations section of [RFC5042].  That document
   recommends IPsec as the default transport layer security solution.
   When deployed with iWARP, IPsec establishes a protected channel
   before any iWARP operations are exchanged, thus it protects the
   exchange of Private Data that occurs as each QP is established.
   However, IPsec is not available for InfiniBand or RoCE deployments.
   Those fabrics rely on physical security and cyclic redundancy checks
   to protect network traffic.

   Improperly setting one of the fields in a version 1 Private Message
   can result in an increased risk of disconnection (i.e., self-imposed
   Denial of Service).  There is no additional risk of exposing upper-
   layer payloads after exchanging the Private Message format defined in
   the current document.

   In addition to describing the structure of a new format version, any
   document that extends the Private Data format described in the
   current document must discuss security considerations of new data
   items exchanged between connection peers.


--
Chuck Lever



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call