we cannot assume that the connection between isp and cpe is a single entity.
a typical example will be the guy who run the dslam and the guy who run the bras belong to two different companies in market which mandate open access.
we cannot assume that the connection between isp and cpe is a single entity.
a typical example will be the guy who run the dslam and the guy who run the
bras belong to two different companies in market which mandate open
access.
... which is very, very common.
It's also a troublesome situation for the ISP; it may be "open access" on
paper, but DSLAMs and bras break, and then the ISP is potentially at
the mercy of bureaucratic support walls and the DSLAM operator, who
would love to create as many weeks delay in repair as possible and pay lip
service to getting issues addressed; for the end user to get frustrated,
blame the ISP, and switch service to their own.
But yeah.... sniffing/tapping can target the underlying link provider.
Or it can even involve agents tapping into copper wires with alligator
clips, unbeknownst to even the DSLAM operator.....
The trouble with end-to-end encryption as a solution; is the
difficulty/impossibility of establishing ipsec SAs with arbitrary
hosts on the internet; without manual pre-configuration of every pair of
hosts.
Jimmy Hess wrote:
The trouble with end-to-end encryption as a solution; is the
difficulty/impossibility of establishing ipsec SAs with arbitrary
hosts on the internet; without manual pre-configuration of every pair of
hosts.
In this case, the ISP and the CPE are physically and directly
connected with modest security, which makes automation possible.
Masataka Ohta