Re: [perpass] "Guide to intranet protection"?

"Christian Huitema" <huitema@huitema.net> Thu, 28 November 2013 05:37 UTC

From: Christian Huitema <huitema@huitema.net>
To: dcrocker@bbiw.net, 'Randy Bush' <randy@psg.com>
Date: Wed, 27 Nov 2013 21:37:04 -0800
Cc: 'perpass' <perpass@ietf.org>

>> may not work out as well as we might wish, as folk who have done it may
>> not want to disclose details.  but i am sure there are folk who have not
>> done it who will be happy to tell others how they should run their
>> networks :)
>
> with such a warm and inviting tone being offered at this stage of the 
> topic, i'm sure everyone will feel quite comfortable testing their 
> suggestions and comments, to produce a frank and open exchange that will 
> vet the contents of the draft document.

Randy is quite right. The attacks reported in the news article were against
the private optical fibers linking the geographically distributed data
centers of large companies like Google or Yahoo. A discussion about that
should start with the folks in charge of securing these data centers at
Google, Yahoo, Facebook, Microsoft, et cetera. I can see some difficulties,
because a fair bit of the data center architectures is probably treated as
a trade secret. And I am really not sure that the IETF is the best place to
conduct such discussions.

-- Christian Huitema