comcast ipv6 PTR

Valdis.Kletnieks at vt.edu
Wed Oct 16 12:59:21 UTC 2013


On Wed, 16 Oct 2013 18:50:29 +1100, Mark Andrews said:

> I can see this being done completely automatically by the CPE device.
> It is trivial to code.  It just requires ISPs to *allow* it to happen.

The rest of the plan looks OK at first glance. However, step 0:

> * CPE generates an RSA key pair.  Stores this in non-volatile memory.
>   [needs to be coded, no protocol work required]

has proven to be a lot harder to do in the field than one might expect, due
to the very limited amount of entropy sources available to a CPE that Joe
Sixpack just pulled out of a Best Buy shopping bag.  Witness the truly huge
pile of CPE that generate horribly insecure weak self-signed certs for https....
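An added example, not part of the original message: one way a Linux-based CPE could refuse to generate its key pair until the kernel CSPRNG has been seeded, instead of producing a predictable key on first boot. It assumes getrandom(2) is available (Linux 3.17 or later, glibc 2.25 or later); the function names `wait_for_seeded_rng` and `fill_key_material` are hypothetical.

```c
#include <errno.h>
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Return 0 once the kernel CSPRNG is initialized, -1 on timeout or error.
 * With GRND_NONBLOCK, getrandom() fails with EAGAIN while the pool is
 * still unseeded, which is the state of a freshly unboxed device that
 * has no saved seed and few entropy sources. */
int wait_for_seeded_rng(int timeout_ms)
{
    unsigned char probe;
    int waited = 0;
    for (;;) {
        ssize_t n = getrandom(&probe, 1, GRND_NONBLOCK);
        if (n == 1) return 0;
        if (n < 0 && errno != EAGAIN && errno != EINTR) return -1;
        if (waited >= timeout_ms) return -1;
        poll(NULL, 0, 100);          /* sleep 100 ms, then probe again */
        waited += 100;
    }
}

/* Fill buf with len bytes for key generation. Fails rather than falling
 * back to a weaker source (time, MAC address, PID) when the RNG is not ready. */
int fill_key_material(unsigned char *buf, size_t len, int timeout_ms)
{
    size_t off = 0;
    if (wait_for_seeded_rng(timeout_ms) != 0) return -1;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        off += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char seed[32];
    if (fill_key_material(seed, sizeof seed, 30000) != 0) {
        fprintf(stderr, "RNG not seeded; deferring key generation\n");
        return 1;
    }
    puts("RNG seeded; safe to generate the device key pair");
    return 0;
}
```

On failure the device should defer key generation and retry later, not ship a key derived from whatever state it had at power-on.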