----- Original Message ----- From: "Robert Raszuk" <robert@xxxxxxxxxx> To: "t.petch" <daedulus@xxxxxxxxxxxxx> Cc: "Russ Housley" <housley@xxxxxxxxxxxx>; "Danny McPherson" <danny@xxxxxxx>; "IETF" <ietf@xxxxxxxx> Sent: Thursday, December 22, 2011 11:31 PM > Hi Tom, > > > The question of where the servers would be located, locally or somewhere out on > > the Internet, was raised during the development of this document and the answer > > was, we do not know; so I think that if you only regard it as secure when only > > an internal network is involved, then that needs calling out in the Security > > Considerations. > > Let me observe that significant number of "internal networks" these days > go over third party unencrypted or unsecured to the desired level VPNs. Robert You surprise me. My impression of VPNs is that they are one of few areas where operators show some signs of offering and using security, like using a cipher suite with 56 bit entropy instead of 8 alphabetic characters sent in clear. Inadequate, true, but with the basics in place, capable of being upgraded to offer real security. Tom Petch > > So is it ok to state that a network which consists of N sites all with > external EBGP feed while being interconnected by L3VPN could use single > cache residing only in one site ? > > Thx, > R. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf