[164075] in North American Network Operators' Group
Re: Security over SONET/SDH
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Jun 24 22:59:26 2013
In-Reply-To: <51C8FFB0.1010805@bogus.com>
Date: Mon, 24 Jun 2013 22:59:02 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: joel jaeggli <joelja@bogus.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jun 24, 2013 at 10:25 PM, joel jaeggli <joelja@bogus.com> wrote:
> Securing the link layer however is not a replacement for an end to end
> solution so just because it's protecting the air interface(s) doesn't really
> mean somebody not looking at the traffic elsewhere.
it's fair to say, I think, that if you want to say something on the
network it's best that you consider:
1) is the communication something private between you and another party(s)
2) is the communication going to be seen by other than you +
the-right-other-party(s)
and probably assume 2 is always going to be the case... So, if 1) is
true then make some way to keep it private:
ssl + checking certs 'properly' (where is dane?)
gpg + good key material security
private-key/shared-key - don't do this, everyone screws this up.
-chris
