Tony Finch wrote:
Phillip Hallam-Baker<ph...@hallambaker.com> wrote:
So don't you dare claim that software updates are essential, that is an
ideological position learned from a limited set of experience.
...
devices which cannot be updated by their makers must expire. see:
http://geer.tinho.net/geer.blackhat.6viii14.txt
given this, the effort we're making to update dnssec trust anchors
in-band, when the X.509 CA trust anchors are updated by the operating
system, seems misdirected. especially since its complication grows every
year or two, and we can't test it unit-by-unit as OS vendors do.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop