said by Thinkdiff:
The CA is public knowledge.
CA (Certificate Authority)... yes, the public key is public, but it's only used to verify a signed certificate. Either the CA signing certificate (a closely guarded secret) or the device's authenticating certificate (signed by the CA, the same on every device) has expired. The authentication cert is NOT
public knowledge. AT&T is not going to put it anywhere it can be easily extracted. (aside from the device that uses it. and even there, it's not easy.) If they were actually turning ports on and off, they wouldn't need this mess.
It's rather a moot point as there's currently no market for VDSL modems.