mark seery mark.a.seery at
Thu Sep 17 15:56:10 UTC 2020

> On Sep 17, 2020, at 8:28 AM, Mark Tinka <mark.tinka at> wrote:
> On 16/Sep/20 23:22, Anoop Ghanwani wrote:
>> It depends on the definition of VPN.  In terms of services like
>> MPLS-based VPNs, it refers to the extension of a Private network 
>> over a shared infrastructure, allowing entities using the shared
>> infrastructure to have their own private address space and routing
>> tables.
> Really, it was just a way to leverage IP networks to make more money.

For operators already offering FR/ATM services, it was a replacement, using the same principles of traffic separation over a common infrastructure, without encryption as part of the service. So from that perspective only, it was not much of a change for *existing* enterprise customers. 

This community is aware that the responsibility of a network is to ensure that traffic is forwarded to the (originally?) intended destination, to prevent confidential information from being exposed to a third party. It is in this respect that the term “privacy” is often used. So it seems like there is a taxonomy issue here. Perhaps traffic separation is a better term than privacy, because while traffic is probabilistically private with respect to other VPN customers (separated with some high level of probability), it is not private with respect to the operator (who could intercept it).

> Nothing against that, as long as "buyer be aware" applies.

Sure, transparency is good.

I remember a London IETF 20 years ago where the issue arose, and a food fight broke out over who would own and manage encryption keys if traffic was encrypted. I don’t recall what the resolution of that debate was.

That said, we live in an era where there is increasing sensitivity to protecting consumer (at least) information. This sensitivity exists at multiple layers of the “stack”. So it is an interesting question / issue, and it would certainly not be any surprise if governments mandated it in the future, as long as they could intercept it for law enforcement purposes of course; and until they could, they probably would not be encouraging operators to encrypt data in any difficult-to-crack way (a speculation on my part).

Perhaps all the more reason why end-to-end encryption should be part of the buyer beware conversation (not arguing against operator encryption in saying that - privacy is something everyone in I[C]T has to think about today).

> Mark.
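The separation-versus-privacy distinction above is easy to see in a toy model of per-customer routing tables (VRFs). The following is an added example, not code from the thread or from any vendor: two constructed customers, cust_a and cust_b, share one backbone and both use overlapping 10.0.0.0/8 address space, yet each only ever resolves destinations inside its own table. The packet that a core router carries, however, is still (label, destination, plaintext payload), which is the "not private with respect to the operator" point. VRF names, next-hop labels and the packet layout are all assumptions made for the illustration.

```python
import ipaddress

# Constructed example: two customers with overlapping private address space,
# each given its own routing table (VRF). Next-hop strings are invented labels.
VRFS = {
    "cust_a": {
        ipaddress.ip_network("10.0.0.0/8"): "pe1:cust_a:hq",
        ipaddress.ip_network("10.20.0.0/16"): "pe2:cust_a:branch",
    },
    "cust_b": {
        ipaddress.ip_network("10.0.0.0/8"): "pe3:cust_b:hq",
        ipaddress.ip_network("10.20.0.0/16"): "pe4:cust_b:dc",
    },
}


def lookup(vrf, dst):
    """Longest-prefix match restricted to one VRF.

    Returns the next-hop label, or None if the VRF has no matching route.
    Routes belonging to other customers are simply not consulted, which is
    what provides the traffic separation: the same 10.20.5.5 resolves to
    different egress points for cust_a and cust_b.
    """
    table = VRFS.get(vrf)
    if table is None:
        return None
    addr = ipaddress.ip_address(dst)
    best_prefix, best_hop = None, None
    for prefix, hop in table.items():
        if addr in prefix and (best_prefix is None or prefix.prefixlen > best_prefix.prefixlen):
            best_prefix, best_hop = prefix, hop
    return best_hop


def ingress(vrf, dst, payload):
    """What the ingress PE hands to the core: a label plus the original packet.

    The payload is carried unchanged; there is no encryption in this model,
    matching the service description in the thread.
    """
    hop = lookup(vrf, dst)
    if hop is None:
        return None  # no route in this customer's table: dropped, never leaked
    return {"label": vrf, "egress": hop, "dst": dst, "payload": payload}


def core_observer(packet):
    """What an operator (or anyone on the core) can read from the packet in flight."""
    if packet is None:
        return None
    return packet["payload"]


def egress_customer(packet):
    """Which customer the packet is delivered to; derived only from the label."""
    return None if packet is None else packet["egress"].split(":")[1]


if __name__ == "__main__":
    pkt_a = ingress("cust_a", "10.20.5.5", b"payroll export")
    pkt_b = ingress("cust_b", "10.20.5.5", b"lab notes")
    print(pkt_a["egress"], pkt_b["egress"])          # different sites, same address
    print(egress_customer(pkt_a), egress_customer(pkt_b))
    print(core_observer(pkt_a))                       # plaintext visible on the core
    print(ingress("cust_a", "192.0.2.1", b"x"))      # no route in this VRF: None
```

The model shows both halves of the argument: separation is a property of which table is consulted (the label), while confidentiality against the operator would require something the service does not provide, such as end-to-end encryption of the payload before it reaches the ingress PE.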
