[186452] in North American Network Operators' Group
RE: ISP marking ipsec traffic based on certificate, how is this
daemon@ATHENA.MIT.EDU (Nick Ellermann)
Fri Dec 18 22:28:02 2015
X-Original-To: nanog@nanog.org
From: Nick Ellermann <nellermann@broadaspect.com>
To: Mark Zimmer <sgi@tango.lu>, "nanog@nanog.org" <nanog@nanog.org>
Date: Fri, 18 Dec 2015 03:21:15 +0000
In-Reply-To: <74f36cf472f9a41d2d7974cd475e2d6f@tango.lu>
Errors-To: nanog-bounces@nanog.org
U3VyZSB5b3VyIFZQTiB0dW5uZWwgd2Fzbid0ICdzdHVjaycgZmxvd2luZyB0aHJvdWdoIGEgbGVz
cyB0aGFuIG9wdGltYWwgb3Igc2F0dXJhdGVkIElTUCB1cHN0cmVhbSB0cmFuc2l0IHBlZXI/IFNv
bWV0aW1lcywganVzdCByZXN0YXJ0aW5nIHlvdXIgVlBOIG1heSBmb3JjZSB0aGUgdHJhZmZpYyB0
aHJvdWdoIGEgZGlmZmVyZW50IHBhdGggaW4geW91ciBJU1AncyBuZXR3b3JrIGFuZCBjbGVhciB1
cCBhbiBpc3N1ZS4gV2UgbWFuYWdlIG1hbnkgY3VzdG9tZXIgSVBzZWMgdHVubmVscywgaGl0IHNp
bWlsYXIgc2l0dWF0aW9ucyB3aGVyZSBhIHJlc3RhcnQgd29ya3MgdGhlIGJlc3QgZXNwZWNpYWxs
eSB3aGVuIHRoZSBpc3N1ZSBpcyBub3QgaW4gdW5kZXIgeW91ciBjb250cm9sLg0KDQpTaW5jZXJl
bHksDQpOaWNrIEVsbGVybWFubiDigJMgQ1RPICYgVlAgQ2xvdWQgU2VydmljZXMNCkJyb2FkQXNw
ZWN0DQrCoA0KRTogbmVsbGVybWFubkBicm9hZGFzcGVjdC5jb20gDQpQOiA3MDMtMjk3LTQ2MzkN
CkY6IDcwMy05OTYtNDQ0Mw0KwqANClRISVMgQ09NTVVOSUNBVElPTiBNQVkgQ09OVEFJTiBDT05G
SURFTlRJQUwgQU5EL09SIE9USEVSV0lTRSBQUk9QUklFVEFSWSBNQVRFUklBTCBhbmQgaXMgdGh1
cyBmb3IgdXNlIG9ubHkgYnkgdGhlIGludGVuZGVkIHJlY2lwaWVudC4gSWYgeW91IHJlY2VpdmVk
IHRoaXMgaW4gZXJyb3IsIHBsZWFzZSBjb250YWN0IHRoZSBzZW5kZXIgYW5kIGRlbGV0ZSB0aGUg
ZS1tYWlsIGFuZCBpdHMgYXR0YWNobWVudHMgZnJvbSBhbGwgY29tcHV0ZXJzLg0KDQoNCi0tLS0t
T3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBOQU5PRyBbbWFpbHRvOm5hbm9nLWJvdW5jZXNA
bmFub2cub3JnXSBPbiBCZWhhbGYgT2YgTWFyayBaaW1tZXINClNlbnQ6IFRodXJzZGF5LCBEZWNl
bWJlciAxNywgMjAxNSA0OjI5IEFNDQpUbzogbmFub2dAbmFub2cub3JnDQpTdWJqZWN0OiBJU1Ag
bWFya2luZyBpcHNlYyB0cmFmZmljIGJhc2VkIG9uIGNlcnRpZmljYXRlLCBob3cgaXMgdGhpcyBw
b3NzaWJsZT8NCg0KIEhlbGxvIGxpc3QsDQoNCiAgSSBoYXZlIGEgc2l0ZS10by1zaXRlIGlwc2Vj
IHZwbiB3aXRoIHN0cm9uZ3N3YW4uIEl0IHdhcyB3b3JraW5nIHdlbGwNCiAgZm9yIDUtNiBtb250
aHMgdGhlbiBhIGRheSBhZ28gSSBoYXZlIG5vdGljZWQgc29tZXRoaW5nIHN0cmFuZ2UsIHRoYXQN
CiAgZnJvbSBTaXRlLUEgdG8gU2l0ZS1CICh0dW5uZWwgbW9kZSkgb25seSB0aGUgdXBsb2FkIGJh
bmR3aWR0aCBpcyAgY2FwcGVkDQogIGRvd24gdG8gMjAtMzBrYml0L3MgaW5zaWRlIHRoZSBWUE4u
DQogIEkgaGF2ZSB0cmllZCB2YXJpb3VzIGFwcHMgbGlrZSBmdHAsIHNjcCBvbiBkaWZmZXJlbnQg
cG9ydHMgaXQgd2FzIHRoZQ0KICBzYW1lIHJlc3VsdC4gSSBhbHNvIHJhbiBzcGVlZHRlc3Qvd2dl
dCBvbiBib3RoIGVuZHBvaW50cyBqdXN0IHRvIG1ha2UNCiAgc3VyZSB0aGF0IG5vdCB0aGUgZW50
aXJlIGNvbm5lY3Rpb24gb2YgdGhvc2UgbmV0d29ya3MgYXJlIGNhcHBlZC4NCg0KICBTaW5jZSBv
dXRzaWRlIHBhcnRpZXMgY2Fubm90IHNlZSBhbnl0aGluZyBmcm9tIHdoYXQncyBnb2luZyBvbiBp
bnNpZGUNCiAgdGhlIHR1bm5lbCwgZmlyc3QgSSB3YXMgdGhpbmtpbmcgdGhhdCB0aGV5IHN0YXJ0
ZWQgbGltaXRpbmcgdGhlICB0cmFmZmljDQogIGJhc2VkIG9uIHBvcnQgKDQ1MDAgdWRwKSBvciBi
YXNlZCBvbiBwcm90b2NvbCAoRVNQKSwgdGhhdCBpcyBlYXN5IHRvICBkby4NCg0KICBJbiBvbGRl
ciB2ZXJzaW9ucyBvZiBzdHJvbmdzd2FuIGl0J3Mgbm90IHBvc3NpYmxlIHRvIGNoYW5nZSB0aGUg
Y2hhcm9uDQogIG5hdCBwb3J0IChwcm9iYWJseSB3b3VsZG4ndCB3b3JrIGFueXdheSBzaW5jZSBt
b3N0IG9mIHRoZSB0cmFmZmljICBzaG91bGQNCiAgYmUgRVNQIChwcm90b2NvbCA1MCkpLg0KICBJ
IGhhdmUgcmVzdGFydGVkIHRoZSBzdHJvbmdzd2FuIGRhZW1vbiBvbiBib3RoIGVuZHBvaW50cyBt
dWx0aXBsZSAgdGltZXMNCiAgaXQgZGlkIG5vdCBjaGFuZ2UgdGhlIHNpdHVhdGlvbiAodGhlIGJh
bmR3aWR0aCBsaW1pdGluZyB3YXMgc3RpbGwgIHByZXNlbnQpLg0KIA0KICBTbyBteSBsYXN0IGlk
ZWEgd2FzIHRvIG1ha2UgbmV3IHZwbiBjZXJ0aWZpY2F0ZXMuIEZvciBteSBiaWdnZXN0DQogIHN1
cnByaXNlIHdpdGggdGhlIG5ldyBjZXJ0aWZpY2F0ZXMgdGhlIGNhcHBpbmcgd2FzIGdvbmUgYW5k
IHRoZQ0KICBiYW5kd2lkdGggd2VudCBiYWNrIHRvIG5vcm1hbC4gSSBob3BlIEkgZG9uJ3QgaGF2
ZSB0byBwdXQgdGhlIG9sZCAgY2VydHMNCiAgYmFjayBmcm9tIGJhY2t1cCBqdXN0IHRvIG1ha2Ug
YSBwb2ludC4NCg0KICBPbmUgb2YgdGhlIElTUHMgbXVzdCBzdGFydGVkIHRhZ2dpbmcgdGhlIGlw
c2VjIHRyYWZmaWMgYmFzZWQgb24gdGhlDQogIGNlcnRpZmljYXRlIGFuZCB0aGVuIGRvIHRyYWZm
aWMgc2hhcGluZyAoUW9TKSBvbiBpdCB0byB0aHJvdHRsZSBkb3duICB0aGUNCiAgYmFuZHdpZHRo
LiBIb3cgaXMgdGhpcyBldmVuIHBvc3NpYmxlPyBJIHdhcyB0aGlua2luZyB0aGF0IGFuIGlwc2Vj
DQogIGNvbm5lY3Rpb24gaXMgZW5jcnlwdGVkIGFuZCByYW5kb20gZnJvbSB0aGUgYmVnaW5uaW5n
LiBIb3cgY2FuIHRoZXkNCiAgZGVmaW5lIGEgcGF0dGVybiB0byB0aGVpciB3aGF0ZXZlciBkZXZp
Y2UgdG8gYmUgYWJsZSB0byBtYXJrIHRoaXMNCiAgc3BlY2lmaWMgdHJhZmZpYz8NCiAgSXMgdGhl
cmUgYSBwYXJ0IGF0IHRoZSBiZWdpbm5pbmcgb2YgdGhlIGNvbm5lY3Rpb24gc2VxdWVuY2Ugd2hp
Y2ggaXMNCiAgYWx3YXlzIHRoZSBzYW1lIHdpdGggdXNpbmcgdGhlIHNhbWUgY2VydGlmaWNhdGU/
DQoNCiAgRG8gSSBoYXZlIHRvIHdvcnJ5IGFib3V0IGhlcmUgdGhhdCBteSB2cG4ga2V5cyBnb3Qg
Y29tcHJvbWlzZWQ/DQoNCiAgQW55Ym9keSBldmVyIGV4cGVyaWVuY2VkIHRoaXM/DQoNCiAgVGhh
bmtzIQ0K
