[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security over SONET/SDH
- Subject: Security over SONET/SDH
- From: mikea at mikea.ath.cx (Mike A)
- Date: Tue, 25 Jun 2013 14:22:25 -0500
- In-reply-to: <CABidiTK=U7381e1s-hhV_b6G_PYrg7jmQZtOPJYDosUMRcp5zQ@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CAL9jLaYaQTNVJ++=DKjy2geFptfMqQekNB7_QZpo5r-S7HhGkQ@mail.gmail.com> <CABidiTK=U7381e1s-hhV_b6G_PYrg7jmQZtOPJYDosUMRcp5zQ@mail.gmail.com>
On Mon, Jun 24, 2013 at 11:19:52PM -0500, Philip Dorr wrote:
> On Mon, Jun 24, 2013 at 9:59 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
> > it's fair to say, I think, that if you want to say something on the
> > network it's best that you consider:
> > 1) is the communication something private between you and another party(s)
> > 2) is the communication going to be seen by other than you +
> > the-right-other-party(s)
> >
> > and probably assume 2 is always going to be the case... So, if 1) is
> > true then make some way to keep it private:
> > ssl + checking certs 'properly' (where is dane?)
> > gpg + good key material security
> > private-key/shared-key - don't do this, everyone screws this up.
>
> SSH + SSHFP + DNSSEC does public/private key pretty well
If one or another of the TLAs hasn't solved, say, the BIGNUM_factoring
problem. If they have, then elliptic curve crypto looks interesting.
--
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin