nanog mailing list archives

Re: Security over SONET/SDH


From: Mike A <mikea () mikea ath cx>
Date: Tue, 25 Jun 2013 14:22:25 -0500

On Mon, Jun 24, 2013 at 11:19:52PM -0500, Philip Dorr wrote:
> On Mon, Jun 24, 2013 at 9:59 PM, Christopher Morrow
> <morrowc.lists () gmail com> wrote:
>> it's fair to say, I think, that if you want to say something on the
>> network it's best that you consider:
>>   1) is the communication something private between you and another party(s)
>>   2) is the communication going to be seen by other than you +
>> the-right-other-party(s)
>>
>> and probably assume 2 is always going to be the case... So, if 1) is
>> true then make some way to keep it private:
>>   ssl + checking certs 'properly' (where is dane?)
>>   gpg + good key material security
>>   private-key/shared-key - don't do this, everyone screws this up.
>
> SSH + SSHFP + DNSSEC does public/private key pretty well

If one or another of the TLAs hasn't solved, say, the BIGNUM_factoring
problem. If they have, then elliptic curve crypto looks interesting. 

-- 
Mike Andrews, W5EGO
mikea () mikea ath cx
Tired old sysadmin 

