Re: Reverse DNS RFCs and Recommendations

[Masataka Ohta <mohta () necom830 hpcl titech ac jp>]

(2013/11/02 10:48), Alex Rubenstein wrote:
> > > > Not necessarily. When the CPE is configured through DHCP (or PPP?),
> > > > the ISP can send the secret.
> > >
> > > Which can be seen, in many cases, by other parties
> >
> > Who can see the packets sent from the local ISP to the CPE directly
> > connected to the ISP?
>
> The NSA, FBI, CIA, DHS.

> > If you mind wire tapping, you have other things to worry
> > about, which needs your access line encrypted (by a manually
> > configured password), which makes DHCP packets invisible.

> Or, the ISP, the ISP's employees, contractors, sub-contractors.

If you can't trust the ISP, you can't make rDNS operated
by the ISP secure.

> Or the phone company handling the PPPOE, L2TP, or whatever else.

> > If you mind wire tapping, you have other things to worry
> > about, which needs your access line encrypted (by a manually
> > configured password), which makes DHCP packets invisible.

> Or the WiFi sniffer on the street outside.

Does your CPE retransmit a received DHCP reply to Wifi?

                                                Masataka Ohta