Ralf Weber <[email protected]> wrote: > On 04 Mar 2014, at 10:00, Mark Andrews <[email protected]> wrote:
>> If you replace a CPE it just pushed new DS records for the
>> new DNSKEY records it generates. This is equivalent to a
>> emergency key rollover and only impacts client that have
>> cached records for the zone or its DS records.
> What if the new device doesn't support DNSSEC signing? I still think
> there are reasons to support both archictectures (signing on the CPE or
Then I think that it doesn't support DNS delegation anyway.
Ralf Weber <[email protected]> wrote:
> CPE. I just don't want to make it mandatory, as I have seen more
> problems with CPEs than with ISP operations (ok I may be biased here
> working in ISP operations for 15 years ;-).
I also have many years of experience in ISP operations as a consultant and
owner.
ISPs make a lot of short-term decisions that bite them later on.
I observe a pendulum of picking the cheapest CPE device, followed by picking
an overkill CPE device (for their "managed" service). Lather, rinse, repeat.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting for hire =-
pgp0ivbgaWgOy.pgp
Description: PGP signature
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
