Re: [Pppext] Future of the PPP WG

Jacni Qin <> Tue, 13 September 2011 03:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 22CAA21F8B6C for <>; Mon, 12 Sep 2011 20:52:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.438
X-Spam-Status: No, score=-3.438 tagged_above=-999 required=5 tests=[AWL=0.160, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ozNuaLZytgtl for <>; Mon, 12 Sep 2011 20:52:04 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 0A3C121F8B87 for <>; Mon, 12 Sep 2011 20:52:03 -0700 (PDT)
Received: by with SMTP id 18so267648vws.27 for <>; Mon, 12 Sep 2011 20:54:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=EDe7QAIvsdbdbxa5IlfTnOAEpplLJlgL2NYqsHf3qxA=; b=mE4li822TPMc0cmMrdaGIQtNjHd95puNnIOj7VS3nxtwe/Z5vv9oCDLJNZEysm/FPW 1doGzeXZd4VAlLCZsvSmM3/gl8bmHIc00FOvoKdzsRAX6voeRMmqjQvJl2whZDQp25Sh XyXkywuEBCeg2mlohpqDm1C9BHX20YhlvivrI=
MIME-Version: 1.0
Received: by with SMTP id f17mr628249vdu.150.1315886049230; Mon, 12 Sep 2011 20:54:09 -0700 (PDT)
Received: by with HTTP; Mon, 12 Sep 2011 20:54:09 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Tue, 13 Sep 2011 11:54:09 +0800
Message-ID: <>
From: Jacni Qin <>
To: Vernon Schryver <>
Content-Type: multipart/alternative; boundary=20cf307d00d0877f3b04acca987c
Subject: Re: [Pppext] Future of the PPP WG
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PPP Extensions <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Sep 2011 03:52:05 -0000

On Sat, Sep 10, 2011 at 11:37 AM, Vernon Schryver <> wrote:

> > From: Thomas Narten <>
> >            (By that, are there still folk doing PPP implementations
> > that would read such documents?)
> >
> > This WG's current charter seems to be very realistic and pragmatic
> > given the state of both PPP and the WG. We should not be updating the
> > charter to add items that will in practice never get done, no matter
> > how much we might like to see such work getting done (in an ideal
> > world).
> A more accurate way to say that is that this WG should not be turned
> into a vanity press for old folks trying to prove we're not irrelevant.
> If there is real and substantial work to be done, then it should be
> proposed before changing the charter in sufficient detail to convince
> honest and well informed third parties that and how the charter should
> be changed.
> Observations that the security of PPP protocols might be improved
> would be valid but entirely insufficient.  Significant needs and
> potential fixes must be proposed before starting yet another
> multi-year PPP project that would not finish before IPv4 address
> exhaustion finally makes IPv6 real.
> Actually, we are trying to get things done in real world to smooth the path
to IPv6, which seems
to be welcome by some ISPs, since, there is a gap in the case of PPP for
I know it may have been discussed, and a suggestion was given, but some ISPs
whose access networks are 90% based on PPP, and who are planning to deploy
IPv6 for their comercial services, are not convinced.

There're still works need to be done.


>  ...
> Personally I think PPP insecurity was never a very pressing problem,
> because link layer security never mattered as much as security at
> higher layers.
> Besides, other link layer protocols such as 802.11 that are more
> popular (measured by nodes using them) and less secure (as commonly
> deployed) make the insecurity of PPP links moot.  What bad guy would
> bother attacking a PPP/DSL link when a radio can get bits on and
> off the same PPP link easier and with fewer traces?
> Link layer encryption, authentication, and authorization don't
> matter a lot if you have end-to-end confidentiality, authentication,
> authorization, non-repudiation, etc.  On the other hand, if you
> haven't secured things end-to-end, then link layer security is
> snake oil.
> If you've the least connection to today's operational security
> community, you know that the worst that could happen with a link layer
> attack is trivial compared what happens now in higher layers.  Even
> if this WG could fix PPP security this decade, wouldn't the effort
> of the rest of the IETF in reviewing, advancing, and shuffling our
> documents be better spent in the higher layers?  Recall BPG security,
> what DigiNotar and Comodo prove about PKI (that we all knew many years
> ago), old style insecure DNS, DNSSEC vulnerabilities analogous to the
> PKI problems, the RIR issues, and so forth and so on and on.
> It would be nice to fix nasty messes such as PPPoE, but that ship
> has also sailed.
> Vernon Schryver
> _______________________________________________
> Pppext mailing list