Tony Finch wrote:
Paul Vixie<p...@redbarn.org> wrote:
devices which cannot be updated by their makers must expire
Definitely.
I think the problem that most concerns me is the device that spends 3 or 6
months in a box between manufacturing and deployment, and which expects to
do a software update when it is plugged in, but there was a DNSSEC root
key rollover in the intervening time.
At the moment the only solution we can offer is to turn off DNSSEC until
the device has done enough updating to be able to turn DNSSEC on again.
Which is to say, DNSSEC is a hindrance not a help. This is an embarrassing
failure.
...
i suggest that bind, unbound, powerdns, and so on change their packaging
to put the trust anchor in a different upgradeable package (.deb, .rpm,
etc) than the software itself. until and unless the package manager is
secured by DANE rather than by ssh/pgp/x509/etc, then the solution for
being on the shelf for several months is, do a software update before
you try to go online.
it's only a failure if you think should have been trying to do it in the
first place, and the more i see from 5011 and the sentinel thread, the
more convinced i am that this should have been put deliberately out of
scope, many years ago.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop