In message <d58455c7-2747-434b-a6bd-912325df3...@isoc.org>, Dan York writes: > Mark, > > I agree that a physical solution could be a workable option (and a nice > one), BUT.... > > On Nov 17, 2016, at 6:46 AM, Mark Andrews > <ma...@isc.org<mailto:ma...@isc.org>> wrote: > > Is it that hard to add a sim or sd card reader? This is the solution > the cable industry uses for its crypto issues but with bigger form > factor cards. > > ... the home CPE market is extremely LOW-margin right now. Service > providers and regular home users are looking for the cheapest options out > there. Adding in a card reader adds cost and complexity - and a potential > tech support issue - and the reality is that I suspect the *vast* > majority of users will not ever run into this issue. Most users will buy > the box and connect it to their network and have the trust anchors just > work.
They will have a box that is flakey, get a new box and throw the old one in the draw. The new one will die and they will pull out the old box as a temporary replacement. That said as long as you can get into the box and disable validation temporarially you can bootstrap DNSSEC. Such boxes are almost certianly going to need their clocks to be set etc. > Given the low margin, my suspicion is that most CPE manufacturers would > NOT want to add in any additional components to solve what for them would > be an edge case in terms of volume. > > Just my 2 cents, > Dan > > -- > Dan York > Senior Content Strategist, Internet Society > y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624 > Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org> > Skype: danyork http://twitter.com/danyork > > http://www.internetsociety.org/ -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
