(2013/11/02 10:48), Alex Rubenstein wrote:
Not necessarily. When the CPE is configured through DHCP (or PPP?), the ISP can send the secret.
Which can be seen, in many cases, by other parties
Who can see the packets sent from the local ISP to the CPE directly connected to the ISP?
The NSA, FBI, CIA, DHS.
If you mind wire tapping, you have other things to worry about, which needs your access line encrypted (by a manually configured password), which makes DHCP packets invisible.
Or, the ISP, the ISP's employees, contractors, sub-contractors.
If you can't trust the ISP, you can't make rDNS operated by the ISP secure.
Or the phone company handling the PPPOE, L2TP, or whatever else.
If you mind wire tapping, you have other things to worry about, which needs your access line encrypted (by a manually configured password), which makes DHCP packets invisible.
Or the WiFi sniffer on the street outside.
Does your CPE retransmit a received DHCP reply to Wifi? Masataka Ohta