On Sat, Sep 7, 2013 at 5:05 AM, Noel Chiappa
<jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu> wrote:
> From: Scott Brim <scott(_dot_)brim(_at_)gmail(_dot_)com>
> The encapsulation is not much of an obstacle to packet examination.
There was actually a proposal a couple of weeks back in the WG to encrypt all
traffic on the inter-xTR stage.
The win in doing it in the xTRs, of course, is that you don't have to go
change all the hosts, application by application: _all_ traffic, of any kind,
from that site to any/all other sites which are encryption-enabled, will get
a certain degree of confidentiality.
Does this count as something the IETF can do reasonably quickly that will
help somewhat? :-)
One easy fix then would be to have a MUST encrypt traffic between
xTRs, and that the encryption used MUST be strong. Are LISP@WG up for
the challenge? :-)
The userbase and deployment are relative small atm so it's doable to
get fast deployment to.
--
Roger Jorgensen | ROJO9-RIPE
rogerj(_at_)gmail(_dot_)com | - IPv6 is The Key!
http://www.jorgensen.no | roger(_at_)jorgensen(_dot_)no