[ksk-rollover] RFC 5011 will not be implemented in Dnsmasq
Rene 'Renne' Bartsch, B.Sc. Informatics
ml at bartschnet.de
Mon Jan 7 18:33:40 UTC 2019
Am 07.01.19 um 19:18 schrieb Matthew Pounsett:
>
>
> On Mon, 7 Jan 2019 at 13:15, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover <ksk-rollover at icann.org <mailto:ksk-rollover at icann.org>> wrote:
>
>
>
> The only SoHo routers in Germany doing automatic firmware updates (5 years) are the AVM Fritz!Boxes. All other routers need manual firmware updates. Cheap 20,- € routers get one manual firmware update at best.
>
> Which KSK update mechanism should that sale-and-forget vendors use?
>
>
> That is a broken business model which, if they are doing DNSSEC validation, will result in broken routers (on top of the security vulnerabilities they open their customers to). I suspect that's going to affect their bottom line.
I agree with the broken business model. That business model outbrakes DNSSEC. Sale-and-forget vendors tend to ignore DNSSEC. Even the expensive AVM Fritz!Boxes don't do DNSSEC validation.
Regards,
Renne
More information about the ksk-rollover
mailing list