On Fri, 2013-09-06 at 12:25 -0400, Paul Wouters wrote: > Any ISP that does not trust the last-mile providers should offer their > customers VPN access via IPsec. Actually, they should offer it > regardless so their users can use a VPN to connect to the ISPs > infrastructure when the user is roaming on his laptop/phone as well. > > There is no "ppp encryption" the ISP can add, because the last-mile > provider usually terminates the PPP(OE) session. They need to add > encryption on the resulting IP layer, not below it. > > Paul
Having discussed this with my access ISP, they've confirmed that they are responsible for terminating the PPP session, and could implement encrypted PPP in principle. Maybe this is ridiculously uncommon, I don't know. IPsec is great, and what I'm using over the last mile at the moment, but encrypting PPP appeals to me a lot. And maybe all that's needed is updating the list of crypto schemes in RFC1968? /Nick _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
