On Oct 16, 2013, at 11:44 PM, SM <[email protected]> wrote:

> Hi Joel,
> At 23:09 16-10-2013, joel jaeggli wrote:
>> MPLS VPN is more virtually private not virtual private. If you consider that
>> the functional equivalent of your own wavelength or your own glass then
>> maybe it's good enough for your purposes. from my vantage point none of
>> those things are the tautological equivalent of an ipsec vpn
>
> [snip]
>
>> operators and their customers make tradeoffs all the time, this is one of
>> them.
>
> If I am not mistaken IP VPN has been sold over the years as a secure link.

It doesn't take a lot of sophistication to understand that putting a new header on the outside and whacking an lsp on something doesn't make it secure in the encryption sense. when you still use the inner ip header as a hash for flow distribution across trunks, that ought be a reminder that you're a label strip away from an ip packet. Regarding marketing, I hear that beer makes me smarter and cigarettes more sophisticated as well.

> That might have been good enough previously (see above about tradeoffs).
> The threat evolves over time. I am not thinking about state-sponsored
> surveillance here. The tradeoff seems to be that the link is secure as it is
> private.
>
> Regards,
> -sm
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
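
Added example, not part of the thread and not written by either poster: a short Python parser that pops an MPLS label stack and reads the inner IPv4 flow fields a transit device can see, then does the same for a frame carrying IPsec tunnel mode. The label values, addresses, sample frames and the CRC-based `trunk_member` hash are constructed for illustration and are assumptions.

```python
import socket
import struct
import zlib

def pop_labels(frame):
    """Walk an MPLS label stack (RFC 3032 entry: 20-bit label, 3-bit TC, S bit, TTL)."""
    labels, off = [], 0
    while off + 4 <= len(frame):
        (entry,) = struct.unpack_from("!I", frame, off)
        off += 4
        labels.append(entry >> 12)
        if entry & 0x100:              # S bit set: bottom of stack reached
            return labels, frame[off:]
    raise ValueError("truncated label stack")

def inner_flow(frame):
    """Return (labels, flow) where flow is what a transit box can read, or None."""
    labels, inner = pop_labels(frame)
    if len(inner) < 20 or inner[0] >> 4 != 4:   # same first-nibble guess LSRs make
        return labels, None
    ihl, proto = (inner[0] & 0x0F) * 4, inner[9]
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport = dport = 0
    if proto in (6, 17) and len(inner) >= ihl + 4:   # TCP/UDP ports are in the clear
        sport, dport = struct.unpack_from("!HH", inner, ihl)
    return labels, (src, dst, proto, sport, dport)

def trunk_member(flow, n_links):
    """Illustrative flow hash only; real platforms use vendor-specific functions."""
    return zlib.crc32(repr(flow).encode()) % n_links

def lse(label, bottom, ttl=64):
    return struct.pack("!I", (label << 12) | (bottom << 8) | ttl)

def ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed samples: two-label stack (transport + VPN label), all values made up.
STACK = lse(16001, 0) + lse(24005, 1)
CLEAR = STACK + ipv4("10.1.1.10", "10.2.2.20", 6, struct.pack("!HH", 49152, 443) + bytes(16))
# Same path, but the customer runs IPsec tunnel mode: only gateways and ESP (50) show.
ESP = STACK + ipv4("192.0.2.1", "198.51.100.1", 50, bytes(range(32)))

if __name__ == "__main__":
    for name, frame in (("plain", CLEAR), ("ipsec", ESP)):
        labels, flow = inner_flow(frame)
        print(name, labels, flow, "-> link", trunk_member(flow, 4))
```

For the plain frame the customer's addresses, protocol and ports are all recoverable from the bytes after the label stack; for the ESP frame only the tunnel endpoints and protocol 50 are.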
