Adrian,
...
But you main point remains, and I have been asking a number of carriers lately
why they don't use L2 security. A whole range of answers from manageability,
through reduced capacity, to the fact that it doesn't protect against
subverted/misconfigured transit nodes.
These seem like reasonable responses, and there is the fact that any L2
security
mechanism will not play well with any intermediate L3 switching/routing
devices.
The message seems to be that the higher up (or further out) we can run our SAs
the more secure our data (and the more under our control the fact of security
is), but the less metadata is protected and the more complex the SAs are to
manage.
The tradeoffs are not trivial. E-t-e security (confidentiality,
authentication,
integrity, etc.) is "best" but it is also the most costly to deploy and
manage
in many contexts. Deploying security at an administrative boundary for
an enterprise
makes sense for most environments, as it is less expensive and much,
much easier
to manage. That's why a firewall at the interface to an ISP is generally
more attractive
than per-user device firewalls in an enterprise. This argues for IPsec
gateways, vs.
per-user device IPsec, in such environments. One can view MPLS
encryption as analogous,
but if the MPLS encryption is provided by an ISP, vs. an enterprise, the
analogy is
not quite the same.
Traditionally, the security community has felt that the tradeoff between
traffic flow confidentiality and e-t-e confidentiality should be skewed
toward the latter.
In part this is because there may be many other ways to acquire the
protocol metadata,
and because the extra costs associated with providing good TFC are
viewed as too high.
In the 80's I recall that the US DoD didn't feel that it was worth the
cost of
providing TFS for traffic at the SECRET level or below, and they were
worried about
nation state adversaries. So it's a hard sell, in my mind, to emphasize
TFC for the
vast majority of Internet traffic, unless the costs (capital, recurring,
and user impact)
are essentially zero.
Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
