[166306] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: comcast ipv6 PTR

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Oct 16 09:02:00 2013

To: Mark Andrews <marka@isc.org>
In-Reply-To: Your message of "Wed, 16 Oct 2013 18:50:29 +1100."
 <20131016075029.E6C0F83ED85@rock.dv.isc.org>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 16 Oct 2013 08:59:21 -0400
Cc: John Levine <johnl@iecc.com>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

--==_Exmh_1381928361_196303P
Content-Type: text/plain; charset=us-ascii

On Wed, 16 Oct 2013 18:50:29 +1100, Mark Andrews said:

> I can see this being done completely automatically by the CPE device.
> It is trivial to code.  It just required ISP's to *allow* it to happen.

The rest of the plan looks OK at first glance.. However, step 0:

> * CPE generates a RSA key pair.  Stores this in non-volatile memory.
>   [needs to be coded, no protocol work required]

has proven to be a lot harder to do in the field than one might expect, due
to the very limited amount of entropy sources available to a CPE that Joe
Sixpack just pulled out of a Best Buy shopping bag.  Witness the truly huge
pile of CPE that generate horribly insecure weak self-signed certs for https....

--==_Exmh_1381928361_196303P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iQIVAwUBUl6NqAdmEQWDXROgAQJoPRAArx/Kk4+IgC2IWvRv47k2UVRPr7fFbA0C
AcagjTiHdp2NQH60bfRRPx0x9Up0WHVljqybjGRWR7NtfdjXWamUyCkC0o52IsM3
BsWt1zIPO5igYEpS5c8AgGxBJo66pDtCSyeokPrdiN9xOGubfNJeAFWrzOac12/z
wyURt9dQFWvSv4ZTAiZZmH8Q93G2nvHNcOk97wTNJstjKuC3d2wKvIk+NizJCy8X
d94QBtcZqcmKo3ZPvnQxOoc56XtSw3Zqbw4WNh82A6zr7EDQkQTXx9V0y+VCPHZy
6E4H6d5uvZj9k5lbU9WKFArVtEuktcl8nEByjPJXe5zgdyVx6j/s6By4pLC+VDc+
vz3vd92Qrr1Z3VOAkIhUVYxxYVEUhOqwZMNoO2PDdXb5KPtgXvEEQifla8FjDMk4
e5OX1DSrQl1OoHJc2PFGSH5bjyI5LIsUbMo+3JaBl9YQy3qtqC3hP+8FUNwEPvxb
6kD1i3tKAa0lv+U+geCsOvtumQh2xEs/YbOBHOjNYS9WlT7O+g+0c+sEWLpPz5fk
LDEt7pvKGX8Fygl9UXLrH0Z6GoVwtoIZCXkz6Pk4S+EfureH0BIyHfVZ7qdCMDbO
X0JdL+HBxvnLT9buX2ESYONFdVtHYOCLu396hb9yRuDKavp8vrBnXsXDxYGH0/Ht
54/yYxvS7vs=
=gkEy
-----END PGP SIGNATURE-----

--==_Exmh_1381928361_196303P--
home help back first fref pref prev next nref lref last post