nanog mailing list archives

Re: SRv6


From: James Bensley <jwbensley+nanog () gmail com>
Date: Fri, 18 Sep 2020 13:13:15 +0200



On 16 September 2020 22:38:38 CEST, Randy Bush <randy () psg com> wrote:
> Privacy != encryption.
>
> cleartext == privacy * 0
>
> cleartext * complexity == privacy * 0

False. Cleartext and privacy are two different things which are not mutually exclusive. Information can be in plaintext 
and private, it can also be encrypted and not private.

Consider multiple devices connected to a single customer instance (A) on an MPLS L2 VPN provider's network, consisting 
of a single VLAN/broadcast domain. All the connected devices are able to send information to each other, and they can 
receive information sent to other devices that is not intended for them. Any device, for example, can send a gratuitous 
ARP, update the control plane of the switch, pull traffic towards itself and have visibility of all the conversations 
on the VLAN/broadcast domain. Even if the conversations are encrypted, meaning no plaintext, which you seem to suggest 
means privacy, this receiving device sees all the conversations which take place, when they are taking place, between 
whom, for how long, how often, and so on. Encryption hasn't provided privacy if someone can see all that information.

Now consider a second customer (B) connected to a separate customer instance on the same L2 VPN provider network. 
Customer A can send any traffic they like and they can listen all day until the cows come home; they will never be able 
to send traffic to a customer B device in a separate L2 VPN instance, and they will never receive any traffic from a 
customer B device. They can't even see that customer B exists, whether they are having any conversations, when, for how 
long, etc. Nothing.

That is privacy, which is completely different to plaintext and ciphertext.

Cheers,
James


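The two situations James describes, a shared broadcast domain inside one L2 VPN instance versus strict separation between instances, can be seen in a toy model of a provider switch that keeps one MAC table per instance. This is an added example, not code from the thread or from any vendor; the port names, MAC addresses and instance labels are constructed, and the rogue host's gratuitous ARP is modelled only by its effect on the switch (a source MAC appearing on a different port). The model also records every MAC move, which is the event a defender would watch for on the customer side, and shows that nothing, learned or flooded, ever crosses from instance A to instance B.

```python
from collections import defaultdict
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    in_port: str


@dataclass
class Switch:
    # port name -> L2 VPN instance the port belongs to (constructed topology)
    ports: dict
    # per-instance MAC table: instance -> {mac: port}
    tables: dict = field(default_factory=lambda: defaultdict(dict))
    # (instance, mac, old_port, new_port) for every MAC that changed ports
    mac_moves: list = field(default_factory=list)

    def instance_of(self, port):
        return self.ports[port]

    def learn(self, frame):
        inst = self.instance_of(frame.in_port)
        table = self.tables[inst]
        prev = table.get(frame.src_mac)
        if prev is not None and prev != frame.in_port:
            # A MAC move is exactly what a spoofed gratuitous ARP causes;
            # logging it is the detection hook a customer can act on.
            self.mac_moves.append((inst, frame.src_mac, prev, frame.in_port))
        table[frame.src_mac] = frame.in_port

    def forward(self, frame):
        """Learn the source MAC, then return the set of egress ports."""
        self.learn(frame)
        inst = self.instance_of(frame.in_port)
        known = self.tables[inst].get(frame.dst_mac)
        if frame.dst_mac != BROADCAST and known is not None:
            return set() if known == frame.in_port else {known}
        # Unknown unicast or broadcast is flooded, but only to ports of
        # the same instance: instance B never sees instance A's frames.
        return {p for p, i in self.ports.items() if i == inst and p != frame.in_port}


def run_scenario():
    """Constructed walk-through; returns the observable results of each step."""
    sw = Switch(ports={"p1": "A", "p2": "A", "p3": "A", "p4": "B", "p5": "B"})
    a1, a2, a3 = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:03"
    b1 = "bb:00:00:00:00:01"
    out = {}
    # A1 talks to A2 before the switch has learned A2: the frame is flooded,
    # so A3 on p3 receives a conversation not intended for it.
    out["first_a1_to_a2"] = sw.forward(Frame(a1, a2, "p1"))
    sw.forward(Frame(a2, a1, "p2"))            # reply lets the switch learn A2
    out["learned_a1_to_a2"] = sw.forward(Frame(a1, a2, "p1"))
    # A3's frame carries A2's source MAC (the effect of the gratuitous ARP in
    # the post): the entry moves to p3 and A1's traffic now lands on A3's port.
    sw.forward(Frame(a2, BROADCAST, "p3"))
    out["after_move_a1_to_a2"] = sw.forward(Frame(a1, a2, "p1"))
    out["mac_moves"] = list(sw.mac_moves)
    # Customer B broadcasts: delivery stays inside instance B, and A's table
    # never learns b1, so A cannot even tell that B exists.
    out["b_broadcast"] = sw.forward(Frame(b1, BROADCAST, "p4"))
    out["a_table_knows_b1"] = b1 in sw.tables["A"]
    # A1 addressing B1's MAC directly is flooded inside A only.
    out["a1_to_b1"] = sw.forward(Frame(a1, b1, "p1"))
    out["a3_unused"] = a3       # A3 only ever needs to forge a2 in this model
    return out


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(f"{step}: {result}")
```

The MAC-move list is the one piece of evidence available to the customer in the first scenario; the isolation in the second scenario is a property of the provider's per-instance tables, which is the separation James is calling privacy.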