comcast ipv6 PTR
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Oct 16 12:59:21 UTC 2013
On Wed, 16 Oct 2013 18:50:29 +1100, Mark Andrews said:
> I can see this being done completely automatically by the CPE device.
> It is trivial to code. It just required ISP's to *allow* it to happen.
The rest of the plan looks OK at first glance.. However, step 0:
> * CPE generates a RSA key pair. Stores this in non-volatile memory.
> [needs to be coded, no protocol work required]
has proven to be a lot harder to do in the field than one might expect, due
to the very limited amount of entropy sources available to a CPE that Joe
Sixpack just pulled out of a Best Buy shopping bag. Witness the truly huge
pile of CPE that generate horribly insecure weak self-signed certs for https....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20131016/06d9590a/attachment.sig>
More information about the NANOG
mailing list