Re: [perpass] "Guide to intranet protection"?
Phillip Hallam-Baker <hallam@gmail.com> Thu, 28 November 2013 05:44 UTC
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] "Guide to intranet protection"?

Dave,

This is not really an intranet issue, this is a backbone issue. The two are completely different where security is concerned.

There is already a body of literature on setting up corporate VPNs to secure an Intranet. That is all happening at the IP layer and IPSEC is a good tool.

What is going on at Google and Yahoo is that they have got to be so large that they are deploying routers that are designed for supporting backbone traffic and they are essentially backbone providers. And the body of work that exists on IPSEC is just not relevant to that part of their problem.

It is not a unique problem though. AT&T, Comcast and the backbone providers have the same sort of issues. They are problems that arise from carrying traffic that is coming from someone else who may have a different idea about how confidential it is to the carrier.

A group of large enterprises like ICI faced a similar problem a while back and formed the Jericho forum to tell manufacturers what sort of IT security they needed. It might be useful for a group of like-minded companies that buy the biggest of the big iron to come together and hammer out security requirements to hand off to the vendors.

Might not work though. Jericho forum closed recently but I can't see any sign of the data level security they were talking about. There is this place in Fort Meade that it seems could use some of that rather badly and they are not the only ones.