On Sat, Sep 7, 2013 at 5:05 AM, Noel Chiappa <jnc@xxxxxxxxxxxxxxxxxxx> wrote: > > From: Scott Brim <scott.brim@xxxxxxxxx> > > > The encapsulation is not much of an obstacle to packet examination. > > There was actually a proposal a couple of weeks back in the WG to encrypt all > traffic on the inter-xTR stage. > > The win in doing it in the xTRs, of course, is that you don't have to go > change all the hosts, application by application: _all_ traffic, of any kind, > from that site to any/all other sites which are encryption-enabled, will get > a certain degree of confidentiality. > > Does this count as something the IETF can do reasonably quickly that will > help somewhat? :-) One easy fix then would be to have a MUST encrypt traffic between xTRs, and that the encryption used MUST be strong. Are LISP@WG up for the challenge? :-) The userbase and deployment are relative small atm so it's doable to get fast deployment to. -- Roger Jorgensen | ROJO9-RIPE rogerj@xxxxxxxxx | - IPv6 is The Key! http://www.jorgensen.no | roger@xxxxxxxxxxxx