Mikael Abrahamsson writes:
> So if it's manufactured the day before a new key is publically released,
> when is the key material it has built in no longer viable to have
> successful DNSSEC validation?
A properly designed device will discover that its preconfgured trust
anchor differs from what it finds online. It will not trust either
of these but offers the user a way to afind the proper trust anchor.
jaap
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
