On 25/07/2018 10:40, Robert Raszuk wrote:
/* Adjusting the subject ... */
Hello
Stewart,
You have made the below comment in the other thread we are having:
Indeed, I would have expected this to be on a secure network of
some sort either purely
private or some form of VPN. However, I am sure I read in your
text that you were
considering using the Public Internet much in the way of SD-WAN.
Would you mind as extensively as you can expand on the above statement ?
Specifically on what basis do you treat say L2VPN or L3VPN of naked
unencrypted packets often traveling on the very same links as this
"bad" Internet traffic to be even slightly more secure then IPSEC or
DTLS encrypted SD-WAN carried data with endpoints being terminated in
private systems ?
Thx,
Robert
Robert, I think that you have to take it as read that an air traffic
control SoF system is encrypting its packets. If it is not, then it is
clearly not fit for purpose.
What concerns me is that an air traffic system is one of the most, if
not the most, high profile targets in civil society. You get reminded of
this each time you travel to IETF.
The thing about safety of flight traffic is that a sustained and
effective DDoS attack has global impact in a way that few other such
attacks have.
A VPN system ought to sustain resistance to such an attack better than
the proposed system which treats the SoF traffic the same as regular
traffic.
- Stewart
_______________________________________________
rtgwg mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/rtgwg
