[164076] in North American Network Operators' Group
Re: Security over SONET/SDH
daemon@ATHENA.MIT.EDU (Philip Dorr)
Tue Jun 25 00:20:23 2013
In-Reply-To: <CAL9jLaYaQTNVJ++=DKjy2geFptfMqQekNB7_QZpo5r-S7HhGkQ@mail.gmail.com>
From: Philip Dorr <tagno25@gmail.com>
Date: Mon, 24 Jun 2013 23:19:52 -0500
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: nanog list <nanog@nanog.org>
Reply-To: tagno25@gmail.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jun 24, 2013 at 9:59 PM, Christopher Morrow
<morrowc.lists@gmail.com> wrote:
> it's fair to say, I think, that if you want to say something on the
> network it's best that you consider:
> 1) is the communication something private between you and another party(s)
> 2) is the communication going to be seen by other than you +
> the-right-other-party(s)
>
> and probably assume 2 is always going to be the case... So, if 1) is
> true then make some way to keep it private:
> ssl + checking certs 'properly' (where is dane?)
> gpg + good key material security
> private-key/shared-key - don't do this, everyone screws this up.
SSH + SSHFP + DNSSEC does public/private key pretty well
