[AusNOG] Consensus from the IETF 88 Technical Plenary - Internet hardening

Dobbins, Roland rdobbins at arbor.net
Fri Nov 8 23:59:21 EST 2013


On Nov 8, 2013, at 7:43 PM, Karl Auer <kauer at biplane.com.au> wrote:

> Seems to me that is the point of encryption!

Making it impossible to detect/classify/traceback and then mitigate DDoS attacks, identify botnet C&Cs, etc. isn't the point of encryption, but is a side-effect of overencryption.

No, folks aren't going to share all their keys and certs with all the ISPs in the world, that would defeat the purpose of having them in the first place.

No, folks aren't going to mitigate a 100gb/sec+ DDoS attack in their IDC after you've decrypted the DDoS traffic.

No, folks aren't going to successfully detect, classify, & mitigate layer-4 or layer-7 DDoS attacks which cause their public-facing properties to fall over because the tunnel termination points are likely going to be devices which fall over due to state exhaustion due to said attacks.

Encrypting everything, all the time, is a recipe for disaster.

Enough on this topic.  No more replies - I've said my piece, and then some.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
