>Now, 10 years after plugging the first one in, I take the second one
>off the shelf and plug it in. It will now not work because there has been 
>a root zone key rollover. I am told this is by design. This makes me a sad 
>panda.
>
>We have a bootstrapping problem. My device has no way to know what time it 
>is so it can't verify certificates that might be used to update the key 
>material, and by above design decision, DNSSEC doesn't work.

Recently, there was some discussion in homenet related to this topic,
in particular how a device without a battery-backed RTC obtains the
current time.

I think that ideally this should be discussed in a security-related working
group, because a lot of this is basically how we can have long-term stable
(online) signature keys.



_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
