Mark Tinka mark.tinka at
Sat Sep 19 10:27:37 UTC 2020

On 19/Sep/20 05:56, mark seery wrote:

> While I get your point, and it is a good one, no. Once lawyers, finance, and other functions get involved, it goes from being just another technology, to a pain for suppliers and customers alike. Export laws complicate implementation, and vendors can only afford and/or have the operational agility, to do an implementation once. Any security tech that is sufficiently interesting, is going to be a pain for router vendors to implement and operationalize given the government’s attitude to such tech. The lower in the stack it is, the bigger the pain.
> That said, vendors are being asked to put MACSec in and I suspect more platforms supporting it will become available over tim

Totally share your view.

End-points already have plenty of methods to provide security, as do 
tons of "appliances" one can deploy as CPE.

We don't need to complicate the backbone further by having it do 
wholesale encryption. But alas, watch this space...

The best thing we can do, as operators, is not make this a reality. If 
gubbermints want us to, then they are welcome to fund the project.


More information about the NANOG mailing list