Embedded systems of this sort need to have a management process so that that can be updated. This is needed for more reasons than DNSSEC. Putting a ten year old device on a network without upgrading the firmware is irresponsible.
On Nov 17, 2016 06:57, "joel jaeggli" <joe...@bogus.com> wrote: > On 11/16/16 10:44 PM, Wessels, Duane wrote: > > > >> On Nov 16, 2016, at 10:18 PM, Mikael Abrahamsson <swm...@swm.pp.se> > wrote: > >> > >> As a whole, nobody seems to be interested in actually coming up with a > viable solution that actually fixes peoples problems. Everybody's just > punting the problem elsewhere or waving their hands and says "not our > problem". > > > > I don't think its possible to have a solution that works for devices on > the shelf for an arbitrarily long time. You posed the problem as 10 years, > which I think is an unrealistically long time. > > A decade is well within the service range of all sorts embedded systems. > > > You could probably have a useful discussion about what is an appropriate > amount of time for something to be on the shelf and still expect it to > work. If there is some consensus on that then the operators of the key > material can design around it. > > > > DW > > > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
