IETF Logo Mail Archive

Re: [perpass] Fwd: FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

Stephen Kent <kent@bbn.com> Mon, 13 January 2014 16:53 UTC

Return-Path: <kent@bbn.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA4001ADFDD for <perpass@ietfa.amsl.com>; Mon, 13 Jan 2014 08:53:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.739
X-Spam-Level:
X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nGVkzLU8Rid2 for <perpass@ietfa.amsl.com>; Mon, 13 Jan 2014 08:53:48 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 06F7E1ADFD4 for <perpass@ietf.org>; Mon, 13 Jan 2014 08:53:48 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15]:41106 helo=comsec.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1W2klX-0005dT-Cn; Mon, 13 Jan 2014 11:53:31 -0500
Message-ID: <52D41A06.2000008@bbn.com>
Date: Mon, 13 Jan 2014 11:53:26 -0500
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Theodore Ts'o <tytso@mit.edu>
References: <mailman.42.1389384009.839.perpass@ietf.org> <52D062BB.1030906@gmail.com> <52D06D63.7070900@cs.tcd.ie> <52D40D16.7060307@bbn.com> <20140113161349.GA22541@thunk.org>
In-Reply-To: <20140113161349.GA22541@thunk.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Fwd: FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2014 16:53:50 -0000

Ted,
> On Mon, Jan 13, 2014 at 10:58:14AM -0500, Stephen Kent wrote:
>> I suspect you're right that IPsec is not used often in this context.
>> The use of MPLS would be qualitatively different, because it would
>> be offered by an ISP, not by a subscriber. Maybe that would result
>> in more encrypted traffic because ISPs would offer it as a low
>> cost service.
> It helps against some attacks, but it doesn't help for others, right?
> After all, if you are a US national, you might not trust that the
> Chinese Telecom won't pass your traffic to the MSS.  (Or if you are a
> German national, that AT&T won't decrypto your traffic and then pass
> it off to the NSA...)
yep. IPsec, under the control of a subscriber, offers more protection,
in princple.

Steve

v2.30.2 | Report a Bug | By Email | System Status