[j-nsp] About Secure Transport for RPKI on JUNOS
Lukas Tribus
lists at ltri.eu
Tue Dec 25 03:45:06 EST 2018
Hello Gert,
On Tue, 25 Dec 2018 at 09:09, Gert Doering <gert at greenie.muc.de> wrote:
> If someone can interfere with TCP packets *inside your network* without
> you noticing, RPKI-RTR is likely the least of your worries.
I'm not sure I follow ...
other than using a lower layer encryption like macsec or L1 DWDM
encrpytion, how exactly do you avoid that attackers with physical
access to the fibers you are using are interfering with the TCP
packets? They can certainly capture packets, inject theirs, and very
likely corrupt/modify yours.
lukas
More information about the juniper-nsp
mailing list