nanog mailing list archives
Re: comcast ipv6 PTR
From: Valdis.Kletnieks () vt edu
Date: Wed, 16 Oct 2013 08:59:21 -0400
On Wed, 16 Oct 2013 18:50:29 +1100, Mark Andrews said:
I can see this being done completely automatically by the CPE device. It is trivial to code. It just required ISP's to *allow* it to happen.
The rest of the plan looks OK at first glance.. However, step 0:
* CPE generates a RSA key pair. Stores this in non-volatile memory. [needs to be coded, no protocol work required]
has proven to be a lot harder to do in the field than one might expect, due to the very limited amount of entropy sources available to a CPE that Joe Sixpack just pulled out of a Best Buy shopping bag. Witness the truly huge pile of CPE that generate horribly insecure weak self-signed certs for https....
Attachment:
_bin
Description:
Current thread:
- Re: comcast ipv6 PTR, (continued)
- Re: comcast ipv6 PTR Jean-Francois . TremblayING (Oct 15)
- Re: comcast ipv6 PTR John R. Levine (Oct 15)
- Re: comcast ipv6 PTR joel jaeggli (Oct 15)
- Re: comcast ipv6 PTR joel jaeggli (Oct 15)
- Re: comcast ipv6 PTR Mark Andrews (Oct 15)
- Re: comcast ipv6 PTR Bjørn Mork (Oct 15)
- Re: comcast ipv6 PTR Joe Abley (Oct 15)
- Re: comcast ipv6 PTR Bjørn Mork (Oct 15)
- Re: comcast ipv6 PTR Brielle Bruns (Oct 15)
- Re: comcast ipv6 PTR Mark Andrews (Oct 16)
- Re: comcast ipv6 PTR Valdis . Kletnieks (Oct 16)
- Re: comcast ipv6 PTR Mark Andrews (Oct 16)
- Re: comcast ipv6 PTR Matt Palmer (Oct 16)
- Re: comcast ipv6 PTR Mark Andrews (Oct 16)
- Re: comcast ipv6 PTR Lyndon Nerenberg (Oct 16)
- Re: comcast ipv6 PTR Mark Andrews (Oct 16)
- Re: comcast ipv6 PTR Eugen Leitl (Oct 17)
- Re: comcast ipv6 PTR Mark Andrews (Oct 15)
- Re: comcast ipv6 PTR Bjørn Mork (Oct 16)
- Re: comcast ipv6 PTR Mark Andrews (Oct 16)
- Re: comcast ipv6 PTR Barry Shein (Oct 15)