Hub & Spokes Security Model (Non-Trusted) Softwire Host User ISP Network AF(i) SI L2TPv2, PPP AAA IPsec authentication MUST be used. Snoop Spoof Replay Modification Deletion DoS MITM BLH Rogue SC Public Facilities Service Theft Non-TRUSTED PPP Authentication: no per-packet authentication, integrity nor replay protection PPP Encryption (ECP): No key management RFC3193 Mutual Authentication MUST be used. |