RE: Proper authentication model

From: Steve Gibbard [mailto:scg@gibbard.org]
Sent: Wednesday, January 12, 2005 5:35 PM
To: Hannigan, Martin
Cc: NANOG list
Subject: RE: Proper authentication model

[ snip ]

Obviously, if you are the local telco this isn't really out of band, but
works well for others who aren't sharing the local telco's infrastructure.

Is it as secure as having your own diverse-path management network of
private point to point circuits? Probably not, but with sufficient
firewalling and encryption on the tunnels, it's good enough, and cheap
enough that it's possible to talk ISP owners into paying for it.

I don't know if this specifically relates to any local telco,
but there are some clear reasons on why to go through the exercise
of having a true out-of-band network. I don't disagree that smaller
ISPs may not need such a thing nor do I suggest that it offers a
significant ROI to the smaller guys.