> > We have operationally deployed HIP as a basis for securing our > IP-connected SCADA machine controllers in our factories. This is the > most viable way to secure IP networked-attached SCADA devices that we > know about. Again, the operational costs of doing this are trivial > compared with the risks with leaving these machines inadequately > secured. >
If people are interested in the deployment that Eric cited above, we made a presentation at the last HIP RG meeting in Minneapolis: http://www.ietf.org/proceedings/08nov/slides/HIPRG-0.pdf To briefly summarize it technically, it is an adaptation of HIP to provide a layer-2 VPN for unmodified hosts. We have also separately experimented with a HIP proxy, but only a single middlebox, on-link with the unmodified legacy host; not an off-link proxy serving many hosts. Tom _______________________________________________ rrg mailing list [email protected] https://www.irtf.org/mailman/listinfo/rrg
