Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
jared at puck.nether.net
Fri Dec 6 19:48:23 UTC 2013
On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbraith at gmail.com> wrote:
> If your flows are a target, or your data is of an extremely sensitive
> nature (diplomatic, etc), why aren't you moving those bits over
> something more private than IP (point to point L2, MPLS)? This doesn't
> work for the VoIP target mentioned, but foreign ministries should most
> definitely not be trusting encryption alone.
I will ruin someones weekend here, but:
MPLS != Encryption. MPLS VPN = "Stick a label before the still unencrypted IP packet".
MPLS doesn't secure your data, you are responsible for keeping it secure on the wire.
More information about the NANOG