cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to KrK

Re: Fair warning! 3rd party purchase of U-verse IPDSLAM modem

Correct. But it's about protecting that certificate. With that cert, you can get anything to sign-on as anyone. (in fact, you could get almost any PTM capable VDSL/ADSL modem to work.)


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
And what is the downside of using any modem? It worked just fine with ATM based ADSL (from a consumer standpoint).

I don't understand AT&T's stranglehold on the modem, other than they really don't want to lose out on the modem fees.
--
University of Southern California - Fight On!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
The modem isn't the issue. Securing access to the network is. U-verse isn't using PPPoE to identify accounts. People are a lot more careful with their username/password; they cannot be with a device serial number and the same cert used by everybody. (read: everyone has the same username (cert) and the serialno is the password.) Granted, one still needs physical access to the network (read: DSL service) for this to work -- 'tho DSLAM ports can be turned on and off. [that's what we used to do sans PPPoE... customer stops paying the bill, we turn the port off.]


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
The CA is public knowledge. You can distribute it anywhere without any loss in security. Presumably the modem has other identifying certs or serial numbers that are used during the 802.1x authentication process.

Even without that, you said it yourself. Authentication is mainly handled at the physical level by deactivating the port at the CO. The rest is just to keep unauthorized modems (not users) off the network.
--
University of Southern California - Fight On!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
said by Thinkdiff:

The CA is public knowledge.

CA (Certificate Authority)... yes, the public key is public, but it's only used to verify a signed certificate. Either the CA signing certificate (a closely guarded secret) or the device's authenticating certificate (signed by the CA, the same on every device) has expired. The authentication cert is NOT public knowledge. AT&T is not going to put it anywhere it can be easily extracted. (aside from the device that uses it. and even there, it's not easy.) If they were actually turning ports on and off, they wouldn't need this mess.

It's rather a moot point as there's currently no market for VDSL modems.