On the current timeline, October 11 -> January 11 so three months. Vendors of sealed units who ship equipment from before October 11 with delivery held up for three months at the docks by a strike, or people who put the sealed unit into a long-delay orbit to Mars to be turned on by Matt Damon on arrival have a problem here, if they don't have a backdoor manual override.
How many vendors do you think are in this space, not shipping a .trx or other download which installs the new info? On Wed, Nov 16, 2016 at 6:56 PM, Mikael Abrahamsson <swm...@swm.pp.se> wrote: > On Wed, 16 Nov 2016, George Michaelson wrote: > >> I feel this is a corner case. My experience with 'mom' whitegoods is that >> they age out much faster than the 10+ year case. Shops do not hold >> electronic goods for sale that long, if its old but unboxed, you have taken >> yourself into a dark alley deliberately. If you genuinely were supporting >> your mum by buying two, and keeping one offline for 10 years you would have >> done better buying one, and replacing after 5. > > > Ok, so let me ask an operational question: > > The way current root zone key rollovers are thought to be used, what's the > theoretical shortest worst-case shelf life of a device that relies on DNSSEC > working for itself to work properly? > > So if it's manufactured the day before a new key is publically released, > when is the key material it has built in no longer viable to have successful > DNSSEC validation? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop