On Fri, Nov 1, 2013 at 9:19 PM, Alex Rubenstein <alex@corp.nac.net> wrote:
a typical example will be the guy who run the dslam and the guy who run the bras belong to two different companies in market which mandate open access. ... which is very, very common.
It's also a troublesome situation for the ISP; it may be "open access" on paper, but DSLAMs and bras break, and then the ISP is potentially at the mercy of bureaucratic support walls and the DSLAM operator, who would love to create as many weeks delay in repair as possible and pay lip service to getting issues addressed; for the end user to get frustrated, blame the ISP, and switch service to their own. But yeah.... sniffing/tapping can target the underlying link provider. Or it can even involve agents tapping into copper wires with alligator clips, unbeknownst to even the DSLAM operator..... The trouble with end-to-end encryption as a solution; is the difficulty/impossibility of establishing ipsec SAs with arbitrary hosts on the internet; without manual pre-configuration of every pair of hosts. -- -JH