On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <ja...@puck.nether.net> wrote:
> > On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbra...@gmail.com> > wrote: > > > If your flows are a target, or your data is of an extremely sensitive > > nature (diplomatic, etc), why aren't you moving those bits over > > something more private than IP (point to point L2, MPLS)? This doesn't > > work for the VoIP target mentioned, but foreign ministries should most > > definitely not be trusting encryption alone. > > I will ruin someones weekend here, but: > > MPLS != Encryption. MPLS VPN = "Stick a label before the still > unencrypted IP packet". > MPLS doesn't secure your data, you are responsible for keeping it secure > on the wire. > > It's always interesting to watch someone's expression when they hear that MPLS VPN, even if it says VPN in the name is not encrypted. Priceless every time :)
