[ksk-rollover] RFC 5011 will not be implemented in Dnsmasq
Matthew Pounsett
matt at conundrum.com
Mon Jan 7 18:18:31 UTC 2019
On Mon, 7 Jan 2019 at 13:15, Rene 'Renne' Bartsch, B.Sc. Informatics via
ksk-rollover <ksk-rollover at icann.org> wrote:
>
>
> The only SoHo routers in Germany doing automatic firmware updates (5
> years) are the AVM Fritz!Boxes. All other routers need manual firmware
> updates. Cheap 20,- € routers get one manual firmware update at best.
>
> Which KSK update mechanism should that sale-and-forget vendors use?
>
That is a broken business model which, if they are doing DNSSEC validation,
will result in broken routers (on top of the security vulnerabilities they
open their customers to). I suspect that's going to affect their bottom
line.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190107/47f6edfd/attachment-0001.html>
More information about the ksk-rollover
mailing list