On Oct 17, 2013, at 5:36 PM, joel jaeggli <joe...@bogus.com> wrote: > > On Oct 16, 2013, at 11:44 PM, SM <s...@resistor.net> wrote: > >> Hi Joel, >> At 23:09 16-10-2013, joel jaeggli wrote: >>> MPLS VPN is more virtually private not virtual private. If you consider >>> that the functional equivalent of your own wavelength or your own glass >>> then maybe it's good enough for your purposes. from my vantage point none >>> of those things are the tautological equivalent of an ipsec vpn >> >> [snip] >> >>> operators and their customers make tradeoffs all the time, this is one of >>> them. >> >> If I am not mistaken IP VPN has been sold over the years as a secure link. > > It doesn't take a lot of sophistication to understand that putting a new > header on the outsside and whacking an lsp on something doesn't make it > secure in the encryption sense. when you still use the inner ip header as a > hash for flow distribution across trunks, that ought be a reminder that > you're a label strip away from an ip packet.
Yeah. The term has been used for a variety of things, that are "virtually private" in various different senses. I've seen it used for phone networks to indicate that you can dial a short number ("It's a VPN, so you can dial 4903 instead of 7534903!"), for MPLS networks because you can move any protocol you want, even if it's not IP (that's the multi-protocol thing), for MPLS networks where RTT is guaranteed by an SLA (just like your corporate LAN). Maybe we need to invent a different word for a virtual private network that actually provides privacy. > Regarding marketing, I hear that beer makes me smarter and cigarettes more > sophisticated as well. That's confusing cause and effect. It's not that cigarettes make you sophisticated, it's that it takes a sophisticated person to hold a fire in your mouth without getting burned. As for beer, I thought IETF meetings were about converting beer into specs. Yoav _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass