IETF Logo Mail Archive

Re: [perpass] Fwd: FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

Theodore Ts'o <tytso@mit.edu> Mon, 13 January 2014 16:14 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 161D91AC4A7 for <perpass@ietfa.amsl.com>; Mon, 13 Jan 2014 08:14:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.329
X-Spam-Level:
X-Spam-Status: No, score=-2.329 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mv5_jgOynp3j for <perpass@ietfa.amsl.com>; Mon, 13 Jan 2014 08:14:04 -0800 (PST)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id B56BB1ADF78 for <perpass@ietf.org>; Mon, 13 Jan 2014 08:14:03 -0800 (PST)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1W2k98-0006Yt-ED; Mon, 13 Jan 2014 16:13:50 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id BD2BE5801DE; Mon, 13 Jan 2014 11:13:49 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=mail; t=1389629629; bh=Ebpc5MtmVYiwVMRaploCjYGTq9dNeOdXyaG/DDNJsgY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=BFKjtesHiPgP7Jmjocf5iZlEeeRWZPDRi6D/2/w2en2GgkwgtaKcaY8FjXQFMA0gk MSa7knPbgM0EKdEYH7gPkv+wovtxnMvvOlwdvMYHEg/nirSuMsqQ7tA/8j/QFX/fL5 nRoFNOWa3A0cUy/tRa1fRcTu06zeJwn0uuyZbqUI=
Date: Mon, 13 Jan 2014 11:13:49 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Stephen Kent <kent@bbn.com>
Message-ID: <20140113161349.GA22541@thunk.org>
References: <mailman.42.1389384009.839.perpass@ietf.org> <52D062BB.1030906@gmail.com> <52D06D63.7070900@cs.tcd.ie> <52D40D16.7060307@bbn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <52D40D16.7060307@bbn.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Cc: perpass@ietf.org
Subject: Re: [perpass] Fwd: FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2014 16:14:06 -0000

On Mon, Jan 13, 2014 at 10:58:14AM -0500, Stephen Kent wrote:
> I suspect you're right that IPsec is not used often in this context.
> The use of MPLS would be qualitatively different, because it would
> be offered by an ISP, not by a subscriber. Maybe that would result
> in more encrypted traffic because ISPs would offer it as a low
> cost service.

It helps against some attacks, but it doesn't help for others, right?
After all, if you are a US national, you might not trust that the
Chinese Telecom won't pass your traffic to the MSS.  (Or if you are a
German national, that AT&T won't decrypto your traffic and then pass
it off to the NSA...)

					- Ted

v2.30.2 | Report a Bug | By Email | System Status