[rlpb]

> If you wish to carry on plugging in a telephone to your landline without any configuration then you will have to start using the telephone socket on your wifi router and only the router provided by your isp.

I find the need to configure a router or VoIP adapter to be a strange, over-engineered concept when it comes to replacing POTS. We're already authenticated by virtue of being physically connected. The exchange should be able to pass through the identity of the connecting line and no authentication or manual configuration is a fundamental requirement. In PPP, authentication is optional, but BT/OpenReach require it and complicate everything for consumers for no good reason. Since nearly every line has only one provider, they should keep track of that at their end, and then routers wouldn't need PPP configuration in the common case. Everything could be negotiated automatically, and the protocol already supports this!

We do have TR069 but that adds even more unnecessary complexity.

The same goes for a POTS replacement. Authentication is not fundamentally necessary. They could autodiscover, and then the identity of your physical line could be passed through. There isn't an obvious protocol here, but it's trivial to achieve technically as long as it isn't overengineered (see for example uPnP IGD vs. NAT-PMP). If this is a real problem, it can be addressed.

I don't think it's part of most consumer's threat models that it matters if their line identity is intercepted and used by an adversary, since we all use higher level protocols to establish higher level authentication anyway. But if it were, then TOFU together with an out-of-band update mechanism (eg. "call customer service to activate your new phone and/or router" or just "scan the QR code on the side of your phone and/orrouter with our app to activate it") would be all that's needed to deal with that. Client side authentication still wouldn't be needed, and can't address that threat model directly anyway.