----- Original Message -----
> From: "Dan York" <y...@isoc.org>
> To: "Mark Andrews" <ma...@isc.org>
> Cc: "Evan Hunt" <e...@isc.org>, "Bob Harold" <rharo...@umich.edu>, "dnsop" 
> <dnsop@ietf.org>, "Mikael Abrahamsson"
> <swm...@swm.pp.se>
> Sent: Wednesday, 16 November, 2016 23:28:18
> Subject: Re: [DNSOP] DNSSEC operational issues long term
> 
> On Nov 17, 2016, at 6:46 AM, Mark Andrews < [ mailto:ma...@isc.org |
> ma...@isc.org ] > wrote:
> 
> Is it that hard to add a sim or sd card reader? This is the solution
> the cable industry uses for its crypto issues but with bigger form
> factor cards.
> 
> ... the home CPE market is extremely LOW-margin right now. Service providers 
> and
> regular home users are looking for the cheapest options out there. Adding in a
> card reader adds cost and complexity - and a potential tech support issue - 
> and
> the reality is that I suspect the *vast* majority of users will not ever run
> into this issue. Most users will buy the box and connect it to their network
> and have the trust anchors just work.
> 
> Given the low margin, my suspicion is that most CPE manufacturers would NOT 
> want
> to add in any additional components to solve what for them would be an edge
> case in terms of volume.

This is the main problem.  Most CPE manufacturers don't give a damn
about their devices when they are able to sell them successfully
to unsuspecting people.  So I would suspect that if you bought
a low-end device supporting DNSSEC early next year and let it
collect a dust for a single year, there's a high chance it won't
work either, because there would be no way how to update neither
the firmware nor the trust anchors.  And even with the usual 2
year warranty most people would not just bother to return faulty
device to the seller, because $20 is not worth it.  And that's
exactly the reason why those vendors are able to do it.  Most
people just don't care...

And I am not convinced that we should design protocols to cater
the device vendor irresponsible behavior toward their products.

Cheers,
--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.s...@nic.cz    https://nic.cz/
 --------------------------------------------

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to