> 1) Encrypt the data in transit, using IPSEC or similar; like this is gonna happen. this is the secdir pacifier. > That's not a bad posture, but I wish that you were explicit about the > threats. I am somewhat concerned that the "administrative domain" > approach leads to complacency, as in "my domain is secure, I am only > concerned with external leakage". there is common talk about pushing some services in a chain to the cloud, aka other people's computers. randy