Or your device needs an RTC... On Wed, Nov 16, 2016 at 6:30 PM, Mikael Abrahamsson <swm...@swm.pp.se> wrote: > On Wed, 16 Nov 2016, Ted Lemon wrote: > >> Why would you put a device on the shelf for ten years? Is this a real >> scenario? This is certainly a known issue that has been talked about at >> length--the conclusion when it was discussed is that there is nothing we can >> do about it, and it's relatively unlikely, and manually fixable. > > > How is it manually fixable? By someone to ssh into the device and edit a > file with new key material? > > My mom can't do this. > > I have personally picked a Cisco AGS out of a unopened box in 2010. By then > it was probably 15-20 (?) years old? > > Anyhow, my takeaway from this message is that DNSSEC can't be used as a > mechanism for device autoconfiguration. No device trying to autoconfigure > itself can rely on DNSSEC, because there is a fairly short (few years) > window for that device to get plugged in, because after that it can't > autoconfigure itself. > > Correct? > > > -- > Mikael Abrahamsson email: swm...@swm.pp.se
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
