(2013/11/02 10:48), Alex Rubenstein wrote:

>>>> Not necessarily. When the CPE is configured through DHCP (or PPP?),
>>>> the ISP can send the secret.
>>>
>>> Which can be seen, in many cases, by other parties
>>
>> Who can see the packets sent from the local ISP to the CPE directly
>> connected to the ISP?
>
> The NSA, FBI, CIA, DHS.

>> If you mind wire tapping, you have other things to worry
>> about, which needs your access line encrypted (by a manually
>> configured password), which makes DHCP packets invisible.

> Or, the ISP, the ISP's employees, contractors, sub-contractors.

If you can't trust the ISP, you can't make rDNS operated by the
ISP secure.

> Or the phone company handling the PPPOE, L2TP, or whatever else.

>> If you mind wire tapping, you have other things to worry
>> about, which needs your access line encrypted (by a manually
>> configured password), which makes DHCP packets invisible.

> Or the WiFi sniffer on the street outside.

Does your CPE retransmit a received DHCP reply to Wifi?

Masataka Ohta