1 Nov
2013
1 Nov
'13
9:47 p.m.
Mark Andrews wrote:
It is a lot simpler and a lot more practical just to use shared secret between a CPE and a ISP's name server for TSIG generation.
No it isn't. It requires a human to transfer the secret to the CPE device or to register the secret with the ISP.
Not necessarily. When the CPE is configured through DHCP (or PPP?), the ISP can send the secret.
Which can be seen, in many cases, by other parties
Who can see the packets sent from the local ISP to the CPE directly connected to the ISP? If you mind wire tapping, you have other things to worry about, which needs your access line encrypted (by a manually configured password), which makes DHCP packets invisible. Masataka Ohta