I would offer the problem is not securing links (VPN) or backbones (links), but to remind people of this (seemingly obsolete) IETF principle called ‘end-to-end.’ In the context of security, it is that one cannot presume security because you happen to own the network. Bad things happen within a single, private network for a whole host of reasons. So, lock down stuff at the endpoints.
Put eight pages of boilerplate on the above and I just wrote the entire ID Dave suggested. On Nov 28, 2013, at 5:00 AM, Stephen Farrell <[email protected]> wrote: > > > On 11/28/2013 06:08 AM, Randy Bush wrote: >>> Randy is quite right. >> >> has to happen occasionally > > :-) > >>> The attacks reported in the news article were against the private >>> optical fibers linking the geographically distributed data centers of >>> large companies like Google or Yahoo. A discussion about that should >>> start with the folks in charge of securing these data centers at >>> Google, Yahoo, Facebook, Microsoft, et cetera. I can see some >>> difficulties, because a fair bit of the data centers architectures is >>> probably treated as trade secret. And I am really not sure that the >>> IETF is the best place to conduct such discussions. >> >> we had/have the same oroblem with datacenter* wgs. the folk who really >> do it think of it as secret sauce. > > Yep, that's the problem all right. However, we do sometimes > get folks who are willing to document stuff like that that > they've done, so if there are any out there then they should > know that we'd love to see that draft, could get them some > help with writing it if that's needed and with moving it > through the process-maze. > > And as Dave said, there is a potential benefit if more > organisations secure their internal networks since a lot of > them are inter-dependent one way or another via cloudy-foo > stuff. > > Cheers, > S. > > > > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
