[167279] in North American Network Operators' Group
=?windows-1252?Q?Re=3A_Someone=92s_Been_Siphoning_Data_Through_a?=
daemon@ATHENA.MIT.EDU (Jared Mauch)
Fri Dec 6 14:48:06 2013
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CADE4tYWJ--dhEQGfi1SfQ_g4PUZtHu9t_m04Rn2Y6pRzMZtfPA@mail.gmail.com>
Date: Fri, 6 Dec 2013 14:48:23 -0500
To: Brandon Galbraith <brandon.galbraith@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 6, 2013, at 1:39 PM, Brandon Galbraith =
<brandon.galbraith@gmail.com> wrote:
> If your flows are a target, or your data is of an extremely sensitive
> nature (diplomatic, etc), why aren't you moving those bits over
> something more private than IP (point to point L2, MPLS)? This doesn't
> work for the VoIP target mentioned, but foreign ministries should most
> definitely not be trusting encryption alone.
I will ruin someones weekend here, but:
MPLS !=3D Encryption. MPLS VPN =3D "Stick a label before the still =
unencrypted IP packet".
MPLS doesn't secure your data, you are responsible for keeping it secure =
on the wire.
- Jared=
