[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover

Ray Bellis ray at isc.org
Fri Sep 21 17:20:57 UTC 2018

On 21/09/2018 18:02, Michael StJohns wrote:

> I wish people would stop repeating this stupid canard.  It's almost
> as stupid as "IOT devices need less security".

I should clarify.

It's *technically* a problem with a solution, as you've outlined.

Getting such a solution *commercially deployed* in low cost CPE seems
somewhat harder.

> But guidance to the CPE vendors that they need to provide firmware
> updates for at least N years after manufacture and that those
> firmware updates may include new root public keys seems like a good
> document to write.

I don't think IETF guidance alone will suffice.  It may require
legislative mandate.


More information about the ksk-rollover mailing list