On Tue, Nov 5, 2013 at 10:30 AM, Martin Millnert <[email protected]> wrote:
> there are vendors selling transponder type bitstream encrypters. It's
> relatively easy to apply bitstream crypto at the bitstream layer, as I
> understand it. (How this holds for 100G serial stream, I don't know.
> Many 100G transceivers utilize 4x25G or 10x10G serialisation and muxing
> techniques, and how encryption/keying/timing would work here I'm not
> sure...)
>

I am aware that there are existing products designed to prevent data disclosure. But I am not certain that they are designed to prevent traffic analysis or qualified for that role. To be effective in that capacity, the links have to be designed to prevent timing attacks and be qualified in that role.

Yes, it will require some work. But I think it is quite practical. All that it takes is for some of the major purchasers to put this down as a requirement in their RFPs and features will appear in the silicon. In fact the requirement is even weaker, the manufacturers merely need to suspect that this might be the case.

Yes, I agree that a very likely outcome is that some governments will issue an order telling their ISPs to encrypt the links and give them the decryption keys. But moving from a world where the PLA and the NSA are both tapping Google's links in the US to one where only the NSA can do that is still an advance. There is a limit to the amount of data that the PLA moles in the NSA and their stripper girlfriends can extract from the system, they can only carry so many USB sticks out the gate of Fort Meade every day.

> I would be very wary of proprietary encryption protocols however.
> Interoperable and openly standardized (though not bastardized), AES-type
> encryption would provide some safety.
> Key management, obviously is an issue, as well.
>

+1

Yes, it has to be done right. And it might well be a job for IEEE rather than IETF but I think it needs to be something that the IETF is involved in setting requirements for and integrating into the IP stack.

--
Website: http://hallambaker.com/
