On Oct 17, 2013, at 5:36 PM, joel jaeggli <joe...@bogus.com> wrote:
>
> On Oct 16, 2013, at 11:44 PM, SM <s...@resistor.net> wrote:
>
>> Hi Joel,
>> At 23:09 16-10-2013, joel jaeggli wrote:
>>> MPLS VPN is more virtually private not virtual private. If you consider
>>> that the functional equivalent of your own wavelength or your own glass
>>> then maybe it's good enough for your purposes. from my vantage point none
>>> of those things are the tautological equivalent of an ipsec vpn
>>
>> [snip]
>>
>>> operators and their customers make tradeoffs all the time, this is one of
>>> them.
>>
>> If I am not mistaken IP VPN has been sold over the years as a secure link.
>
> It doesn't take a lot of sophistication to understand that putting a new
> header on the outsside and whacking an lsp on something doesn't make it
> secure in the encryption sense. when you still use the inner ip header as a
> hash for flow distribution across trunks, that ought be a reminder that
> you're a label strip away from an ip packet.
Yeah. The term has been used for a variety of things, that are "virtually
private" in various different senses. I've seen it used for phone networks to
indicate that you can dial a short number ("It's a VPN, so you can dial 4903
instead of 7534903!"), for MPLS networks because you can move any protocol you
want, even if it's not IP (that's the multi-protocol thing), for MPLS networks
where RTT is guaranteed by an SLA (just like your corporate LAN). Maybe we need
to invent a different word for a virtual private network that actually provides
privacy.
> Regarding marketing, I hear that beer makes me smarter and cigarettes more
> sophisticated as well.
That's confusing cause and effect. It's not that cigarettes make you
sophisticated, it's that it takes a sophisticated person to hold a fire in your
mouth without getting burned. As for beer, I thought IETF meetings were about
converting beer into specs.
Yoav
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
