Mark Tinka mark.tinka at
Thu Sep 17 16:24:36 UTC 2020

On 17/Sep/20 17:56, mark seery wrote:

> For operators already offering FR/ATM services, it was a replacement, using the same principles of traffic separation over a common infrastructure, without encryption as part of the service. So from that perspective only, it was not much of a change for *existing* enterprise customers.

Indeed. But the difference with Frame Relay and ATM was that telcos 
never called it a (V)PN. At worst, it was a leased line.

> This community is aware that the responsibility of a network is to ensure that traffic is forwarded to the (originally?) intended destination to prevent confidential information being exposed to a third-party. It is in this respect that the term “privacy” is often used. So seems like there is a taxonomy issue here. Perhaps traffic separation is a better term than privacy, because while traffic is probabilistically private with respect to other VPN customers (separated with some high level of probability), it is not private with respect to the operator (who could intercept it).

Or someone else who might "capture" the operator, and thus, be able to 
intercept it.

> Sure, transparency is good.
> I remember 20 years ago at a London IETF where the issue arose, and a food fight arose over who would own and manage encryption keys if traffic was encrypted. I don’t recall what the resolution of that debate was.
> That said, we live in an era where there is increasing sensitivity to protecting consumer (at least) information. This sensitivity exists at multiple layers of the “stack”. So it is an interesting question / issue, and certainly would not be of any surprise if governments mandated it in the future, as long as they could intercept it for law enforcement purposes of course, and until they could, they probably would not be encouraging operators to encrypt data in any difficult to crack way (a speculation on my part).
> Perhaps all the more reason why end-to-end encryption should be part of the buyer beware conversation (not arguing against operator encryption in saying that - privacy is something everyone in I[C]T has to think about today).

If gubbermints mandate that l2vpn's and l3vpn's be encrypted, the cloud 
bags will simply take over (not that they haven't, already).

