Archive

On Sat, Sep 10, 2011 at 11:37 AM, Vernon Schryver <vjs@rhyolite.com> wrote:

> > From: Thomas Narten <narten@us.ibm.com>
>
> >            (By that, are there still folk doing PPP implementations
> > that would read such documents?)
> >
> > This WG's current charter seems to be very realistic and pragmatic
> > given the state of both PPP and the WG. We should not be updating the
> > charter to add items that will in practice never get done, no matter
> > how much we might like to see such work getting done (in an ideal
> > world).
>
> A more accurate way to say that is that this WG should not be turned
> into a vanity press for old folks trying to prove we're not irrelevant.
>
> If there is real and substantial work to be done, then it should be
> proposed before changing the charter in sufficient detail to convince
> honest and well informed third parties that and how the charter should
> be changed.
>
> Observations that the security of PPP protocols might be improved
> would be valid but entirely insufficient.  Significant needs and
> potential fixes must be proposed before starting yet another
> multi-year PPP project that would not finish before IPv4 address
> exhaustion finally makes IPv6 real.
>
> Actually, we are trying to get things done in real world to smooth the path
to IPv6, which seems
to be welcome by some ISPs, since, there is a gap in the case of PPP for
IPv6.
I know it may have been discussed, and a suggestion was given, but some ISPs
whose access networks are 90% based on PPP, and who are planning to deploy
IPv6 for their comercial services, are not convinced.

There're still works need to be done.

Cheers,
Jacni

>  ...
>
> Personally I think PPP insecurity was never a very pressing problem,
> because link layer security never mattered as much as security at
> higher layers.
>
> Besides, other link layer protocols such as 802.11 that are more
> popular (measured by nodes using them) and less secure (as commonly
> deployed) make the insecurity of PPP links moot.  What bad guy would
> bother attacking a PPP/DSL link when a radio can get bits on and
> off the same PPP link easier and with fewer traces?
>
> Link layer encryption, authentication, and authorization don't
> matter a lot if you have end-to-end confidentiality, authentication,
> authorization, non-repudiation, etc.  On the other hand, if you
> haven't secured things end-to-end, then link layer security is
> snake oil.
>
> If you've the least connection to today's operational security
> community, you know that the worst that could happen with a link layer
> attack is trivial compared what happens now in higher layers.  Even
> if this WG could fix PPP security this decade, wouldn't the effort
> of the rest of the IETF in reviewing, advancing, and shuffling our
> documents be better spent in the higher layers?  Recall BPG security,
> what DigiNotar and Comodo prove about PKI (that we all knew many years
> ago), old style insecure DNS, DNSSEC vulnerabilities analogous to the
> PKI problems, the RIR issues, and so forth and so on and on.
>
>
> It would be nice to fix nasty messes such as PPPoE, but that ship
> has also sailed.
>
>
> Vernon Schryver    vjs@rhyolite.com
> _______________________________________________
> Pppext mailing list
> Pppext@ietf.org
> https://www.ietf.org/mailman/listinfo/pppext
>

Re: [Pppext] Future of the PPP WG