Agreed. That was not what Dave was asking for, however. He was looking for how an ISP can secure their customer network.
One could advocate for TOR or SilentCircle style solutions, where all traffic
is forced to a particular node where one obfuscates next hops, adds in dummy
packets, makes all packets the same size, and transmits a continuous train of
packets.
The good news is that would make it orders of magnitude harder for someone
monitoring the network to do traffic analysis.
The bad news is it would make it trivial for someone to monitor the network if
they own the ingress node. This is in fact why a number of repressive regimes
are demanding the IETF create such protocols, under the guise of “please make
sure our packets do not flow to the US/UK/Iran/{favorite boogeyman of the
moment}.”
On Nov 28, 2013, at 6:47 AM, Norbert Bollow <[email protected]> wrote:
> Eric Burger <[email protected]> wrote:
>
>> I would offer the problem is not securing links (VPN) or backbones
>> (links), but to remind people of this (seemingly obsolete) IETF
>> principle called ‘end-to-end.’ In the context of security, it is that
>> one cannot presume security because you happen to own the network.
>> Bad things happen within a single, private network for a whole host
>> of reasons. So, lock down stuff at the endpoints.
>
> Yes, end-to-end encryption is absolutely essential.
>
> But protecting "who communicated with whom" data, which can also be
> highly sensitive, requires further steps in addition to end-to-end
> encryption.
>
> Greetings,
> Norbert
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
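As an added illustration, not part of the thread above, here is a constructed Python sketch of the padding-and-pacing scheme Eric describes: fixed-size cells sent at a constant rate, with dummy cells filling the gaps. The cell size, tick interval and hostnames are assumptions; it shows why a tap on the link learns nothing from sizes or timing while the ingress node still sees every real next hop.

```python
# Constructed simulation (added example, not from the mailing-list thread).
# CELL and TICK are assumed parameters of a hypothetical padding proxy.
from dataclasses import dataclass

CELL = 512   # every cell on the wire is padded to this many bytes (assumption)
TICK = 10    # one cell is emitted every TICK milliseconds, real or dummy (assumption)


@dataclass
class Packet:
    t_ms: int   # arrival time at the ingress node
    size: int   # real payload size in bytes
    dst: str    # real next hop / destination


def pad_and_pace(packets, horizon_ms):
    """Reshape a bursty flow into a continuous train of CELL-sized cells.

    Returns a list of (t_ms, size, dst) tuples as they appear on the wire;
    dst is None for a dummy cell. Every slot in [0, horizon_ms) is filled.
    """
    pending = []                      # queue of destinations, one entry per cell
    wire = []
    arrivals = sorted(packets, key=lambda p: p.t_ms)
    i = 0
    for t in range(0, horizon_ms, TICK):
        # Admit every packet that has arrived by this tick, split into cells.
        while i < len(arrivals) and arrivals[i].t_ms <= t:
            p = arrivals[i]
            i += 1
            pending.extend([p.dst] * (-(-p.size // CELL)))   # ceil division
        # Always send exactly one cell per tick: real if queued, else dummy.
        wire.append((t, CELL, pending.pop(0) if pending else None))
    return wire


def link_observer_view(wire):
    """What a passive tap on the link sees: only sizes and times; payload is encrypted."""
    return [(t, size) for t, size, _ in wire]


def ingress_view(wire):
    """What whoever owns the ingress node sees: the real next hop of every real cell."""
    return [dst for _, _, dst in wire if dst is not None]
```

Two very different flows produce byte-for-byte identical link observations, which is the "orders of magnitude harder" part; the ingress view of the same wire is the "trivial if they own the ingress node" part.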
