Dave,

This is not really an intranet issue, this is a backbone issue. The two are completely different where security is concerned.

There is already a body of literature on setting up corporate VPNs to secure an Intranet. That is all happening at the IP layer and IPSEC is a good tool. What is going on at Google and Yahoo is that they have got to be so large that they are deploying routers that are designed for supporting backbone traffic and they are essentially backbone providers. And the body of work that exists on IPSEC is just not relevant to that part of their problem.

It is not a unique problem though. AT&T, Comcast and the backbone providers have the same sort of issues. They are problems that arise from carrying traffic that is coming from someone else who may have a different idea about how confidential it is to the carrier.

A group of large enterprises like ICI faced a similar problem a while back and formed the Jericho Forum to tell manufacturers what sort of IT security they needed. It might be useful for a group of like-minded companies that buy the biggest of the big iron to come together and hammer out security requirements to hand off to the vendors. Might not work though. Jericho Forum closed recently but I can't see any sign of the data level security they were talking about.

There is this place in Fort Meade that it seems could use some of that rather badly and they are not the only ones.
_______________________________________________
perpass mailing list
https://www.ietf.org/mailman/listinfo/perpass
