Am 07.01.19 um 19:18 schrieb Matthew Pounsett:
That is a broken business model which, if they are doing DNSSEC validation, will result in broken routers (on top of the security vulnerabilities they open their customers to). I suspect that's going to affect their bottom line.
Renne:
I agree with the broken business model. That business model outbrakes DNSSEC. Sale-and-forget vendors tend to ignore DNSSEC. Even the expensive AVM Fritz!Boxes don't do DNSSEC validation.
Unforutnately the business model isn't broken at all - if you see it as exactly that: a BUSINESS model. The box stops working, it gets tossed. The user buys a new one that works. Instead of having to handle expensive software updates, the vendor gets increased sales. What is there not to like? (From the vendor's standpoint, that is). Users have come to accept this as normal. I just tossed 5-8 perfectly working old pieces of CPE-like equipment in the city dump this weekend. I know they will never be safe. There is nothing I can do. My car inspector's words (regarding cars, but they are equally valid here) ring in my ears: "In the old days, they built cars to be as good as they were able to, now they build them as bad as they dare." (Slightly lacking translation, but you get it ...) Cheers, /Liman -- #---------------------------------------------------------------------- # Lars-Johan Liman, M.Sc. ! E-mail: liman@netnod.se # Senior Systems Specialist ! Tel: +46 8 - 562 860 12 # Netnod Internet Exchange, Stockholm ! http://www.netnod.se/ #----------------------------------------------------------------------