nanog mailing list archives

Re: SRv6


From: Mark Tinka <mark.tinka () seacom com>
Date: Thu, 17 Sep 2020 18:24:36 +0200



On 17/Sep/20 17:56, mark seery wrote:


For operators already offering FR/ATM services, it was a replacement, using the same principles of traffic separation 
over a common infrastructure, without encryption as part of the service. So from that perspective only, it was not much 
of a change for *existing* enterprise customers.

Indeed. But the difference with Frame Relay and ATM was that telcos never called it a (V)PN. At worst, it was a leased line.


This community is aware that the responsibility of a network is to ensure that traffic is forwarded to the (originally?) 
intended destination to prevent confidential information being exposed to a third-party. It is in this respect that the 
term “privacy” is often used. So it seems like there is a taxonomy issue here. Perhaps traffic separation is a better term 
than privacy, because while traffic is probabilistically private with respect to other VPN customers (separated with 
some high level of probability), it is not private with respect to the operator (who could intercept it).

Or someone else who might "capture" the operator, and thus, be able to intercept it.



Sure, transparency is good.

I remember 20 years ago at a London IETF where the issue arose, and a food fight arose over who would own and manage 
encryption keys if traffic was encrypted. I don’t recall what the resolution of that debate was.

That said, we live in an era where there is increasing sensitivity to protecting consumer (at least) information. This 
sensitivity exists at multiple layers of the “stack”. So it is an interesting question / issue, and certainly would not 
be of any surprise if governments mandated it in the future, as long as they could intercept it for law enforcement 
purposes of course, and until they could, they probably would not be encouraging operators to encrypt data in any 
difficult to crack way (a speculation on my part).

Perhaps all the more reason why end-to-end encryption should be part of the buyer beware conversation (not arguing 
against operator encryption in saying that - privacy is something everyone in I[C]T has to think about today).

If gubbermints mandate that l2vpns and l3vpns be encrypted, the cloud bags will simply take over (not that they haven't, already).

Mark.
