nanog mailing list archives

Re: comcast ipv6 PTR


From: Valdis.Kletnieks () vt edu
Date: Wed, 16 Oct 2013 08:59:21 -0400

On Wed, 16 Oct 2013 18:50:29 +1100, Mark Andrews said:

> I can see this being done completely automatically by the CPE device.
> It is trivial to code.  It just required ISPs to *allow* it to happen.

The rest of the plan looks OK at first glance.. However, step 0:

> * CPE generates an RSA key pair.  Stores this in non-volatile memory.
>   [needs to be coded, no protocol work required]

has proven to be a lot harder to do in the field than one might expect, due
to the very limited amount of entropy sources available to a CPE that Joe
Sixpack just pulled out of a Best Buy shopping bag.  Witness the truly huge
pile of CPE that generate horribly insecure weak self-signed certs for https....
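
A fleet-side check for the failure described above, added here as an illustration and not part of the original message: devices that generate RSA keys from too little entropy tend to produce identical moduli or moduli that share a prime, and an operator can detect both across the public keys of its own CPE. The function name, device labels and toy-size moduli are constructed for the example.

```python
from collections import defaultdict
from itertools import combinations
from math import gcd

# Constructed sample: device label -> RSA modulus taken from its public key.
# Toy-size moduli so the structure is visible; real moduli are 2048+ bits.
SAMPLE_FLEET = {
    "cpe-a": 1009 * 1013,
    "cpe-b": 1009 * 1013,   # same seed at first boot -> identical key
    "cpe-c": 1009 * 1019,   # same first prime, diverged before the second
    "cpe-d": 1021 * 1031,   # healthy: no factor in common with the others
}

def audit_moduli(keys):
    """Return (duplicates, shared) for a dict of label -> modulus.

    duplicates: groups of devices that hold the very same modulus.
    shared:     pairs of groups whose distinct moduli have a common factor.
    Only the affected devices are reported, not the factor itself.
    """
    by_modulus = defaultdict(list)
    for label, n in keys.items():
        by_modulus[n].append(label)

    duplicates = sorted(sorted(g) for g in by_modulus.values() if len(g) > 1)

    shared = []
    # Pairwise gcd is quadratic in the number of distinct moduli, which is
    # fine for a few thousand keys; larger fleets need a product tree.
    for (n1, g1), (n2, g2) in combinations(sorted(by_modulus.items()), 2):
        if gcd(n1, n2) > 1:
            shared.append((sorted(g1), sorted(g2)))
    return duplicates, shared

if __name__ == "__main__":
    dups, shared = audit_moduli(SAMPLE_FLEET)
    for group in dups:
        print("identical modulus:", ", ".join(group))
    for left, right in shared:
        print("shared factor:", ", ".join(left), "<->", ", ".join(right))
```

Any device that appears in either list needs its key pair regenerated once its random number generator has been properly seeded.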
