Digging through some specs today led to some fun places.
On GPON networks, downstream flows are encrypted, but upstream flows are (by the spec) never encrypted[1]. On XGS-PON, upstream flows are optionally encrypted[2]. At least one large FTTH ISP in North America (and I'd imagine many others) doesn't seem to actually be enabling it[3].
Not that the built-in encryption provides much protection. All keys chain back to a symmetric session key that can be derived by any party that witnesses the initial handshake[4].
While the logic of "we broadcast downstream and use timeslots for upstream" does make the need for downstream encryption feel more important, listening on all timeslots for a given loop to snatch data sent upstream feels like something we should have solved by 2025.
[1] ITU G.984.4 page 52 (pdf 58)
[2] ITU G.988 page 107 (pdf 113), Image 1
[3] Image 2
[4] ITU G.9807.1 page 216 (pdf 208)
-
@igloo this really brings a whole new meaning to the term "asymmetric encryption"