jwbensley+nanog at gmail.com
Fri Sep 18 11:13:15 UTC 2020
On 16 September 2020 22:38:38 CEST, Randy Bush <randy at psg.com> wrote:
>> Privacy != encryption.
>cleartext == privacy * 0
>cleartext * complexity == privacy * 0
False. Cleartext and privacy are two different things which are not mutually exclusive. Information can be in plaintext and private, it can also be encrypted and not private.
Consider multiple devices connected to a single customer instance (A) on an MPLS L2 VPN provider's network, consisting of a single VLAN/broadcast domain, all the connected devices are able to send information to each other, and they can receive the information sent to other devices not intended for itself. Any device, for example, can send a gratuitous ARP, update the control plane of the switch and pull traffic towards itself and have visibility of all the conversation on the VLAN/broadcast domain. Even if the conversations are encrypted, meaning no plaintext, which you seem to suggest means privacy, this receiving device sees all the conversations which take place, when they are taking place, between whom, for how long, how often, and so on. Encryption hasn't provided privacy if someone can see all that information.
Now consider a second customer (B) connected to a separate customer instance on the same L2 VPN provider network. Customer A can send any traffic they like and they can listen all day until the cows come home; they will never be able to send traffic to a customer B device in a separate L2 VPN instance, and they will never receive any traffic from a customer B device, they can't even see that customer B exists, if they are having any conversations, when, for how long etc, nothing.
That is privacy, which is completely different to plaintext and ciphertext.
More information about the NANOG