IETF Logo Mail Archive

Re: [OPSAWG] Kathleen Moriarty's No Objection on draft-ietf-opsawg-capwap-alt-tunnel-08: (with COMMENT)

Randy Bush <randy@psg.com> Wed, 26 October 2016 04:43 UTC

Return-Path: <randy@psg.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4873412950A; Tue, 25 Oct 2016 21:43:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.332
X-Spam-Level:
X-Spam-Status: No, score=-7.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dZfnPTYpmgb8; Tue, 25 Oct 2016 21:43:24 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D0791293F0; Tue, 25 Oct 2016 21:43:24 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from <randy@psg.com>) id 1bzG3Z-0002a7-RF; Wed, 26 Oct 2016 04:43:18 +0000
Date: Wed, 26 Oct 2016 13:43:29 +0900
Message-ID: <m27f8vsosu.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Duzongpeng <duzongpeng@huawei.com>
In-Reply-To: <BAFEC9523F57BC48A51C20226A5589575FE5CCC4@nkgeml514-mbx.china.huawei.com>
References: <147724184512.16086.16613553618779081340.idtracker@ietfa.amsl.com> <BAFEC9523F57BC48A51C20226A5589575FE5CC26@nkgeml514-mbx.china.huawei.com> <CAHw9_iJ0AKcA2PFrbumNVOCXnM=3LkoBZdwGdK9t8N+SJvieRQ@mail.gmail.com> <BAFEC9523F57BC48A51C20226A5589575FE5CCC4@nkgeml514-mbx.china.huawei.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/YrKoHIM3DTF2f4-ZuDzOCqfDH6o>
Cc: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>, opsawg@ietf.org
Subject: Re: [OPSAWG] Kathleen Moriarty's No Objection on draft-ietf-opsawg-capwap-alt-tunnel-08: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 04:43:26 -0000

> Thanks for your reply. I want to clarify that I am not
> suggesting users to use IPsec.
> 
> In the draft, the tunnels between the WTP and AR need to be
> protected, so the IPsec is between the WTP and AR.
> 
> The network provide is responsible for the security of the
> users, and should deploy the IPSec between the WTP and AR.
> 
> We can suggest to the network providers that it is not a good
> choice to use unsecured tunnel.  Also, the network provide
> should notify the users that the service is unsecured if they
> choose some unsecured tunnel types.

on my more paranoid days, this being one, i think ipsec was designed to
deter use and hence privacy; we have become married to sabatoge.

is there some simpler easily deployed auth/privacy mechanism which could
be mti?  md5/4808 would at least be deployable, disgusting as it is.

randy

v2.23.0 | Report a Bug | By Email