On Mon, Jan 13, 2014 at 11:53:26AM -0500, Stephen Kent wrote:
> >It helps against some attacks, but it doesn't help for others, right?
> >After all, if you are a US national, you might not trust that the
> >Chinese Telecom won't pass your traffic to the MSS. (Or if you are a
> >German national, that AT&T won't decrypto your traffic and then pass
> >it off to the NSA...)
> yep. IPsec, under the control of a subscriber, offers more protection,
> in princple.
Or put another way, MPLS-mediated encryption violates the end-to-end
principle. It also allows ISP's to violate net neutrality principles
as well (i.e., by allowing them to do deep packet inspection and then
prioritizing some traffic over others).
- Ted
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
