Steve (and Stephen)

> > - The MPLS peer is already willing to send any traffic from the
> > private network to the other peer, which it sincerely hopes is not a
> > MITM.
> > - Each peer is typically running on an edge router (I believe) and so
> > has much more awareness of the network than your typical IPsec OE
> > peer. They will actually have the BGP information.
> I believe that the MPLS peers, as edge routers, are not under the
> control of the end users, as would more likely be the case for
> IPsec gateways operating at about the same point in
> the path. So, an important part of this discussion is that the
> administrative entities managing the encryption are ISPs, not
> subscribers. Thus the confidentiality afforded here is more of
> an ISP service than a subscriber-controlled service. Also, unless the
> MPLS path crosses AS boundaries (not yet common, I believe) this
> offers less protection than IPsec could.

I think you are right on all points, and you raise some important qualifications
that should be included.

But that is to not discount MPLS keying.
Not all traffic in an MPLS LSP is IP.
Some MPLS traffic is originated outside the provider (cf. enterprises, carrier's
carrier, ...)
Sometimes the traffic belongs to the provider (look at all those content
distribution companies, and the email providers, and the "cloud" companies,
etc.)

But your main point remains, and I have been asking a number of carriers lately
why they don't use L2 security. A whole range of answers from manageability,
through reduced capacity, to the fact that it doesn't protect against
subverted/misconfigured transit nodes.

The message seems to be that the higher up (or further out) we can run our SAs
the more secure our data (and the more under our control the fact of security
is), but the less metadata is protected and the more complex the SAs are to
manage.

Adrian (still musing)
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass