[ksk-rollover] RFC 5011 will not be implemented in Dnsmasq

Matthew Pounsett matt at conundrum.com
Mon Jan 7 18:18:31 UTC 2019

On Mon, 7 Jan 2019 at 13:15, Rene 'Renne' Bartsch, B.Sc. Informatics via
ksk-rollover <ksk-rollover at icann.org> wrote:

> The only SoHo routers in Germany doing automatic firmware updates (5
> years) are the AVM Fritz!Boxes. All other routers need manual firmware
> updates. Cheap 20,- € routers get one manual firmware update at best.
> Which KSK update mechanism should that sale-and-forget vendors use?

That is a broken business model which, if they are doing DNSSEC validation,
will result in broken routers (on top of the security vulnerabilities they
open their customers to).  I suspect that's going to affect their bottom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190107/47f6edfd/attachment-0001.html>

More information about the ksk-rollover mailing list