Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
eugen at imacandi.net
Fri Dec 6 19:55:52 UTC 2013
On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <jared at puck.nether.net> wrote:
> On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbraith at gmail.com>
> > If your flows are a target, or your data is of an extremely sensitive
> > nature (diplomatic, etc), why aren't you moving those bits over
> > something more private than IP (point to point L2, MPLS)? This doesn't
> > work for the VoIP target mentioned, but foreign ministries should most
> > definitely not be trusting encryption alone.
> I will ruin someone's weekend here, but:
> MPLS != Encryption. MPLS VPN = "Stick a label before the still
> unencrypted IP packet".
> MPLS doesn't secure your data, you are responsible for keeping it secure
> on the wire.
It's always interesting to watch someone's expression when they hear that
MPLS VPN, even if it says VPN in the name, is not encrypted. Priceless every
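
What "stick a label before the still unencrypted IP packet" means on the wire, as an added example that is not part of the original thread: a parser for the MPLS label stack (RFC 3032 entry layout) that then reads the inner IPv4/UDP payload directly. The frame, addresses, labels and payload are constructed sample values, and the function names are this example's own.

```python
import ipaddress
import struct

def parse_label_stack(buf):
    """Return ([(label, tc, ttl), ...], offset of the first byte after the stack)."""
    labels, off = [], 0
    while True:
        if len(buf) < off + 4:
            raise ValueError("truncated MPLS label stack")
        (entry,) = struct.unpack_from("!I", buf, off)
        off += 4
        # 32-bit entry: label(20 bits) | traffic class(3) | bottom-of-stack(1) | TTL(8)
        labels.append((entry >> 12, (entry >> 9) & 0x7, entry & 0xFF))
        if (entry >> 8) & 0x1:  # S bit set: this was the last label
            return labels, off

def parse_inner_ipv4(buf):
    """Parse the IPv4 packet that sits, unmodified, behind the labels."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("payload after label stack is not IPv4")
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", buf, 2)[0]
    if ihl < 20 or total_len < ihl or len(buf) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    return {"src": str(ipaddress.IPv4Address(buf[12:16])),
            "dst": str(ipaddress.IPv4Address(buf[16:20])),
            "proto": buf[9], "data": buf[ihl:total_len]}

def build_sample():
    """Constructed frame: transport label + VPN label in front of IPv4/UDP."""
    app = b"user=alice&pin=0000 (constructed)"
    udp = struct.pack("!HHHH", 40000, 5060, 8 + len(app), 0) + app
    # Checksum fields are left at 0; this parser does not validate them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("10.1.1.10").packed,
                     ipaddress.IPv4Address("10.2.2.20").packed)
    stack = struct.pack("!II", (16001 << 12) | 255, (24 << 12) | (1 << 8) | 255)
    return stack + ip + udp

def observe(frame):
    """What any device on the label-switched path can read without any key."""
    labels, off = parse_label_stack(frame)
    ip = parse_inner_ipv4(frame[off:])
    payload = ip["data"][8:] if ip["proto"] == 17 else ip["data"]  # skip UDP header
    return labels, ip["src"], ip["dst"], payload

if __name__ == "__main__":
    print(observe(build_sample()))
```

Confidentiality for that payload has to come from encryption applied to the traffic itself, such as IPsec or TLS, before it enters the MPLS network.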