Jimmy Hess wrote: > The trouble with end-to-end encryption as a solution; is the > difficulty/impossibility of establishing ipsec SAs with arbitrary > hosts on the internet; without manual pre-configuration of every pair of > hosts.
In this case, the ISP and the CPE are physically and directly
connected with modest security, which makes automation possible.
Masataka Ohta
