> On 16 Nov 2016, at 10:12, Jaap Akkerhuis <j...@nlnetlabs.nl> wrote: > > Mikael Abrahamsson writes: > >> So if it's manufactured the day before a new key is publically released, >> when is the key material it has built in no longer viable to have >> successful DNSSEC validation? > > A properly designed device will discover that its preconfgured trust > anchor differs from what it finds online. It will not trust either > of these but offers the user a way to afind the proper trust anchor.
Or, take the device back to the place where you bought it and ask for your money back (or a replacement) because it doesn't work as intended. Most nations have laws which offer this sort of consumer protection. Good luck with that approach 10 years after the date of purchase though. Now which box in the attic has my mum's library of VHS tapes? :-) _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop