Re: [perpass] encrypted PPP

Dean Willis <dean.willis@softarmor.com> Fri, 06 September 2013 19:14 UTC

From: Dean Willis <dean.willis@softarmor.com>
In-Reply-To: <alpine.LFD.2.10.1309061221240.25570@bofh.nohats.ca>
Date: Fri, 06 Sep 2013 14:14:07 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <6AAE1E94-2DFD-4302-A207-2974BA89740B@softarmor.com>
References: <5229A06F.5070800@lupine.me.uk> <alpine.LFD.2.10.1309061221240.25570@bofh.nohats.ca>
To: Paul Wouters <paul@cypherpunks.ca>
X-Mailer: Apple Mail (2.1508)
Cc: perpass@ietf.org, Nick Thomas <nick@lupine.me.uk>
Subject: Re: [perpass] encrypted PPP

On Sep 6, 2013, at 11:25 AM, Paul Wouters <paul@cypherpunks.ca> wrote:

> On Fri, 6 Sep 2013, Nick Thomas wrote:
> 
> [ note, using "EU" for "end user" is _very_ confusing ]
> 
>> PPP gets a lot of use still, especially between EUs and access ISPs,
>> where it's generally not encrypted. RFC1968 exists, but doesn't actually
>> seem useful any more.
>> 
>> I'm envisioning a PPP enhancement where EU and ISP can exchange public
>> keys beforehand, out-of-band if necessary, but it's all extremely fuzzy
>> at the moment. My access ISP, who I have considerable trust in, has no
>> real control over the infrastructure between my house and their access
>> node near London - all that's BT-operated, and they just get to
>> terminate PPP over it.
> 
> Any ISP that does not trust the last-mile providers should offer their
> customers VPN access via IPsec. Actually, they should offer it
> regardless so their users can use a VPN to connect to the ISPs
> infrastructure when the user is roaming on his laptop/phone as well.
> 
> There is no "ppp encryption" the ISP can add, because the last-mile
> provider usually terminates the PPP(OE) session. They need to add
> encryption on the resulting IP layer, not below it.

I concur completely, but might add that TLS-style VPNs (OpenVPN, for example) can be useful here too. But in either case, there's a significant opex cost for the ISP.

This also means, probably, having VPN software in your router. And the code in your router is probably compromised by NSA, MSS, or both.

--
Dean
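Paul's point above, that encryption inside PPP only protects the link up to wherever the PPP(oE) session is terminated, while an IPsec tunnel to the ISP protects the IP layer across the whole last mile, can be illustrated with a small model. The following is an added example and not code from the thread; the topology, hop names and operator labels are constructed for illustration.

```python
"""Added example (not from the thread): which hops on a DSL-style path can
read a subscriber's IP traffic, depending on the layer at which encryption
is applied. Topology and names are constructed for illustration."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    name: str
    operator: str                 # "subscriber", "last-mile" or "isp"
    terminates_ppp: bool = False  # the PPP(oE) session ends here (BRAS/LNS)


# Constructed path: subscriber CPE -> wholesale last-mile access network
# (operated by someone other than the ISP) -> ISP's own network.
PATH = [
    Hop("cpe-router", "subscriber"),
    Hop("dslam", "last-mile"),
    Hop("bras", "last-mile", terminates_ppp=True),
    Hop("isp-vpn-gw", "isp"),
    Hop("isp-core", "isp"),
]


def hops_seeing_plaintext(path, scheme, tunnel_gw="isp-vpn-gw"):
    """Return the names of hops that can observe the IP payload in clear.

    scheme:
      "none"    - plain PPP, nothing encrypted
      "ppp-ecp" - RFC 1968-style encryption inside PPP; protects only until
                  the PPP session is terminated, which on a wholesale last
                  mile is the access provider's BRAS, not the ISP
      "ipsec"   - IPsec tunnel from the CPE to the ISP's VPN gateway
                  (tunnel_gw); clear only at the endpoints and beyond it
    """
    seen = []
    ppp_terminated = False   # PPP session already decrypted upstream
    past_tunnel_gw = False   # IPsec tunnel already decapsulated upstream
    for hop in path:
        if scheme == "none":
            seen.append(hop.name)
        elif scheme == "ppp-ecp":
            # Both ends of the PPP session decrypt; everything after the
            # terminator receives plain IP packets forwarded by it.
            if hop.operator == "subscriber" or hop.terminates_ppp or ppp_terminated:
                seen.append(hop.name)
            if hop.terminates_ppp:
                ppp_terminated = True
        elif scheme == "ipsec":
            # Only the tunnel endpoints and hops beyond the ISP gateway see
            # the inner packet; the last-mile boxes forward ESP only.
            if hop.operator == "subscriber" or hop.name == tunnel_gw or past_tunnel_gw:
                seen.append(hop.name)
            if hop.name == tunnel_gw:
                past_tunnel_gw = True
        else:
            raise ValueError(f"unknown scheme: {scheme}")
    return seen


def untrusted_exposure(path, scheme, trusted_operators):
    """Hops run by operators the subscriber does not trust that still see
    plaintext under the given scheme."""
    by_name = {hop.name: hop for hop in path}
    return [
        name for name in hops_seeing_plaintext(path, scheme)
        if by_name[name].operator not in trusted_operators
    ]


if __name__ == "__main__":
    # Nick's situation: trusts his ISP, not the last-mile operator.
    trusted = {"subscriber", "isp"}
    for scheme in ("none", "ppp-ecp", "ipsec"):
        print(scheme, "exposed to untrusted hops:",
              untrusted_exposure(PATH, scheme, trusted))
```

With `trusted = {"subscriber", "isp"}`, the PPP-layer option still leaves the payload readable at the last-mile BRAS, whereas the IP-layer tunnel leaves no untrusted hop in the clear. The model also makes Dean's caveat visible: the CPE is the tunnel endpoint under every scheme, so a compromised router sees everything regardless of which encryption is chosen.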