igloo
honked back 20 Jan 2025 08:48 -0800
in reply to: https://benjojo.co.uk/u/benjojo/h/8RHP7jDy39JC2jB6pK
@benjojo Both GPON an XGS-PON devices necessarily will have some sort of AES(-CTR and possibly -ECB) hardware support, though in GPON land the ONTs/ONUs might only have decryption support. While it might have been cost-prohibitive to put encryption support on an ONT/ONU in 2004 (the first GPON rev), by 2010 (the latest GPON rev) it was far more practical to have both - revisions to support it as an option could be made. XGS-PON's first rev (2016) didn't do as much as one might expect with the underlying crypto. Camilla was added as an option, as were larger key sizes for AES, though the derivation mechanism and modes remained unchanged (AEADs weren't new news in 2016!). I suspect the desire was solely to prevent nosy neighbors and not to prevent someone a little more dedicated - i.e. no mass market "spy on your neighbors" devices could practically be sold due crypto and upstream attenuation. Everything else was out of the threat model. While practical, it wouldn't have taken much (barring export controls / implementer will, which are probably limiting factors) to provide much stronger controls.