The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

Fwd: MPLS VPN

From: Roger Clark Williams <rogerw@nordlink.com>
Date: Sun, 29 Dec 2002 10:32:57 -0500
Resent-Date: Sun, 29 Dec 2002 12:02:17 -0500
To: MPLS-ops Mailing List <mpls-ops@mplsrc.com>
X-Sender: rogerw@together.net@207.69.200.148

Aleezah, security is relative. To take a simple example, are you more 
secure with a 56-bit key or a 128-bit key? It all depends on the capability 
of those who 1) have access to the traffic, and 2) the ability they can 
muster to crack the encryption. It is relative.

With a MPLS VPN the data within the original IP packet is still in 
clear-text format, there is no encryption. Granted, the LSP you mention may 
be secure, but who has access to that path? Can all those people be trusted 
completely? It is all relative.

There is no such thing as absolute security, there is only relatively 
better and relatively worse security. For better security over an MPLS VPN, 
I would use IPsec. Others will certainly argue for something better, longer 
keys, whatever. Perhaps stenographically embedding encrypted data in a file 
that is then encrypted within a packet that itself is encrypted...... 
Again, it is all relative. What is the value of your traffic?

I would bring to your attention the very reasonable and informative 
writings of Bruce Schneier, founder of Counterpane, and his newsletter 
called Crypto-gram. Available to all at 
http://www.counterpane.com/crypto-gram.html or send a blank message to 
crypto-gram-subscribe@chaparraltree.com

Roger Williams


>X-Originating-IP: [203.135.5.55]
>From: "aleezah khan" <aleezahkhan2k@hotmail.com>
>To: rogerw@nordlink.com
>Subject: MPLS VPN
>Date: Sun, 29 Dec 2002 14:55:22 +0000
>X-OriginalArrivalTime: 29 Dec 2002 14:55:22.0298 (UTC) 
>FILETIME=[4FEA21A0:01C2AF4A]
>
>
>Hi,
>merry christmass to u!!
>i need some help .i hope u can guide me...
>In MPLS VPN with the use of  VPN identifier (RD) and secure LSP ,is data 
>security still an issue?
>DO you think encrypting the data is the only way to secure our data 
>running in BGP MPLS VPN?
>If not then what are your recommendations
>
>
>
>
>_________________________________________________________________
>Add photos to your messages with MSN 8. Get 2 months FREE*. 
>http://join.msn.com/?page=features/featuredemail&xAPID=42&PS=47575&PI=7324&DI=7474&SU= 
>http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_addphotos_3mf

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

Follow-Ups:
- Re: Fwd: MPLS VPN
  - From: Wulf Losee <qx49@attbi.com>