On Fri, 6 Sep 2013, Nick Thomas wrote:

[ note, using "EU" for "end user" is _very_ confusing ]

> PPP gets a lot of use still, especially between EUs and access ISPs, where it's generally not encrypted. RFC1968 exists, but doesn't actually seem useful any more. I'm envisioning a PPP enhancement where EU and ISP can exchange public keys beforehand, out-of-band if necessary, but it's all extremely fuzzy at the moment. My access ISP, who I have considerable trust in, has no real control over the infrastructure between my house and their access node near London - all that's BT-operated, and they just get to terminate PPP over it.
Any ISP that does not trust the last-mile providers should offer their customers VPN access via IPsec. Actually, they should offer it regardless so their users can use a VPN to connect to the ISP's infrastructure when the user is roaming on his laptop/phone as well.

There is no "ppp encryption" the ISP can add, because the last-mile provider usually terminates the PPP(OE) session. They need to add encryption on the resulting IP layer, not below it.

Paul
