ietf
[Top] [All Lists]

Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/RouterProtocol) to Proposed Standard

2011-12-28 05:44:13
----- Original Message -----
From: "Robert Raszuk" <robert(_at_)raszuk(_dot_)net>
To: "t.petch" <daedulus(_at_)btconnect(_dot_)com>
Cc: "Russ Housley" <housley(_at_)vigilsec(_dot_)com>; "Danny McPherson" 
<danny(_at_)tcb(_dot_)net>;
"IETF" <ietf(_at_)ietf(_dot_)org>
Sent: Thursday, December 22, 2011 11:31 PM

Hi Tom,

The question of where the servers would be located, locally or somewhere out
on
the Internet, was raised during the development of this document and the
answer
was, we do not know; so I think that if you only regard it as secure when
only
an internal network is involved, then that needs calling out in the Security
Considerations.

Let me observe that significant number of "internal networks" these days
go over third party unencrypted or unsecured to the desired level VPNs.

Robert

You surprise me.  My impression of VPNs is that they are one of few areas where
operators show some signs of offering and using security, like using a cipher
suite with 56 bit entropy instead of 8 alphabetic characters sent in clear.
Inadequate, true, but with the basics in place, capable of being upgraded to
offer real security.

Tom Petch


So is it ok to state that a network which consists of N sites all with
external EBGP feed while being interconnected by L3VPN could use single
cache residing only in one site ?

Thx,
R.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>