Hi Melinda,

What I mean is that within the walls of a data center, there is an assumption of physical security of the devices connected to the network and knowledge of the security of the administration of the devices.
For example, I assume that the switches/routers providing the underlying network are owned/secured/administrated by the trusted data center administrators who also control what ports on those devices connect to their own trusted devices vs tenant devices which would be considered to not be trusted. Based on that, I suppose you could extrapolate to say that the outer headers sent across the underlying network are trusted since the data center administrator can control what devices connect to the underlying network.

- Larry

On 7/10/12 9:29 PM, "Melinda Shore" <[email protected]> wrote:

>On 7/10/12 7:52 PM, Larry Kreeger (kreeger) wrote:
>> Yinxing,
>>
>> I would argue that inside of a data center the underlying network is
>> also trusted.
>
>I don't know what "underlying network" means in this context - do
>you mean that the outer headers on the VPN are "trusted" but the inner
>headers are not?
>
>I'd also think pretty hard about what it means to be "trusted" -
>do you think that security mechanisms aren't required at the layer
>you've decided to trust?
>
>Melinda
>_______________________________________________
>nvo3 mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/nvo3
