On Wed, 16 Nov 2016, George Michaelson wrote:
I feel this is a corner case. My experience with 'mom' whitegoods is
that they age out much faster than the 10+ year case. Shops do not hold
electronic goods for sale that long, if its old but unboxed, you have
taken yourself into a dark alley deliberately. If you genuinely were
supporting your mum by buying two, and keeping one offline for 10 years
you would have done better buying one, and replacing after 5.
Ok, so let me ask an operational question:
The way current root zone key rollovers are thought to be used, what's the
theoretical shortest worst-case shelf life of a device that relies on
DNSSEC working for itself to work properly?
So if it's manufactured the day before a new key is publically released,
when is the key material it has built in no longer viable to have
successful DNSSEC validation?
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
