nanog mailing list archives
Re: bloomberg on supermicro: sky is falling
From: Daniel Taylor <dtaylor () vocalabs com>
Date: Mon, 8 Oct 2018 12:31:11 -0500
The risks of VPN aren't in the VPN itself, they are in the continuous network connection architecture.
90%+ of VPN interconnects could be handled cleanly, safely, and reliably using HTTPS, without having to get internal network administration involved at all. And the risks of key exposure with HTTPS are exactly the same as the risks of having one end or the other of your VPN compromised.
As it is, VPN means trusting the network admins at your peer company. On 10/08/2018 12:15 PM, valdis.kletnieks () vt edu wrote:
On Mon, 08 Oct 2018 08:53:55 -0500, Daniel Taylor said:Especially when you have companies out there that consider VPN a reasonable way to handle secure data transfer cross-connects with vendors or clients.At some point, you get to balance any inherent security problems with the concept of using a VPN against the fact that while most VPN software has a reasonably robust point-n-drool interface to configure, most VPN alternatives are very much "some assembly required". Which is more likely? That some state-level actor finds a hole in your VPN software, or that somebody mis-configures your VPN alternative so it leaks keys and data all over the place?
Current thread:
- RE: bloomberg on supermicro: sky is falling, (continued)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 04)
- Re: bloomberg on supermicro: sky is falling Jason Hellenthal (Oct 04)
- Re: bloomberg on supermicro: sky is falling Scott Weeks (Oct 04)
- Re: bloomberg on supermicro: sky is falling Scott Weeks (Oct 04)
- Re: bloomberg on supermicro: sky is falling Pete Carah (Oct 06)
- Re: bloomberg on supermicro: sky is falling Bryce Wilson (Oct 09)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 07)
- Re: bloomberg on supermicro: sky is falling Randy Bush (Oct 07)
- Re: bloomberg on supermicro: sky is falling Daniel Taylor (Oct 08)
- Re: bloomberg on supermicro: sky is falling valdis . kletnieks (Oct 08)
- Re: bloomberg on supermicro: sky is falling Daniel Taylor (Oct 08)
- Re: bloomberg on supermicro: sky is falling Pete Carah (Oct 06)
- Re: bloomberg on supermicro: sky is falling Alfie Pates (Oct 09)
- Re: bloomberg on supermicro: sky is falling Saku Ytti (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Brian Kantor (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling David Hubbard (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- Re: bloomberg on supermicro: sky is falling Alain Hebert (Oct 10)
- RE: bloomberg on supermicro: sky is falling Naslund, Steve (Oct 10)
- RE: bloomberg on supermicro: sky is falling bzs (Oct 10)