Re: [mpls] FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

Eric Rosen <erosen@cisco.com> Thu, 09 January 2014 17:34 UTC

From: Eric Rosen <erosen@cisco.com>
To: adrian@olddog.co.uk
In-reply-to: Your message of Thu, 09 Jan 2014 11:51:03 +0000. <01be01cf0d31$13fdea40$3bf9bec0$@olddog.co.uk>
Date: Thu, 09 Jan 2014 12:34:23 -0500
Message-ID: <23487.1389288863@erosen-linux>
Cc: mpls@ietf.org, stephen.farrell@cs.tcd.ie
Subject: Re: [mpls] FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

> wondering whether anything could be done to help protect against various
> types of bulk surveillance achieved by tapping entire links

Aren't there link layer encryption schemes that protect the confidentiality
of all traffic on the link?  I don't see why one would want an MPLS-specific
protocol for "single hop" encryption.

I also don't understand the need for MPLS-specific "end-end" (probably
"edge-edge" is what is meant) encryption, as one can always send traffic
via IPsec.

So, just what is the unsolved problem addressed by this draft?  (I was going
to ask whether RFC 5566 is relevant at all, but first it would be good to
get a clear statement of the scenarios that are being addressed.)

BTW, most of the draft seems to be about encryption and/or key distribution,
which of course is out of scope for this WG.  Surely the security ADs will
not tolerate having the MPLS WG invent new key distribution protocols.