The MPLS WG Archive


Secure MPLS

  • From: "Andrew G. Malis" <Andy.Malis@vivacenetworks.com>
  • Date: Wed, 31 Jul 2002 14:39:18 -0400
  • Cc: Tissa Senevirathne <tsenevir@hotmail.com>, mpls@UU.NET

I agree with Ron.  From the end user point of view, some problems with 
service provider encryption are that the tail circuits from the customer 
premise to the service provider are unprotected (which is the obvious place to 
place a covert wiretap); the encryption keys are the property of the 
service provider, not the end user; and the keys could be subject to 
government escrow or seizure depending on where you are in the world.  This 
is certainly the case in the US (see http://www.fcc.gov/calea/ ).

Cheers,
Andy

------

At 7/30/2002 02:22 PM -0400, Ron Bonica wrote:
>Tissa,
>
>Given that the upper layers are capable of encryption using mechanisms like
>IPSEC, why would a service provider want to encrypt the contents of an MPLS
>LSP?
>
>Wouldn't you want to push the encryption function higher in the protocol
>stack and closer to the network edges?
>
>                                                     Ron

