Security considerations Threats: Injecting signaling messages by on-path/off-path NSIS/non-NSIS nodes Remarking of data packets indicating severe congestion Solutions: Protection of QNE ingress and egress messages (with TLS, C-Mode) Consistency checks between intra-domain and edge-to-edge signaling messages (using RII and BOUND_SESSION_ID). Intra-domain messages are always sent together with inter-domain messages, PDR_Nonce is not needed. Egress or Ingress node is able to identify messages injected by an on-path or off-path adversary (lack of corresponding intra-domain or edge-to-edge message) Intrusion detection to deal with malicious nodes (packet data marking) Off-path interior nodes have no information about flow or session identifiers (unless the paths changes) |