Am 07.01.19 um 19:18 schrieb Matthew Pounsett:
On Mon, 7 Jan 2019 at 13:15, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover <ksk-rollover@icann.org <mailto:ksk-rollover@icann.org>> wrote:
The only SoHo routers in Germany doing automatic firmware updates (5 years) are the AVM Fritz!Boxes. All other routers need manual firmware updates. Cheap 20,- € routers get one manual firmware update at best.
Which KSK update mechanism should that sale-and-forget vendors use?
That is a broken business model which, if they are doing DNSSEC validation, will result in broken routers (on top of the security vulnerabilities they open their customers to). I suspect that's going to affect their bottom line.
I agree with the broken business model. That business model outbrakes DNSSEC. Sale-and-forget vendors tend to ignore DNSSEC. Even the expensive AVM Fritz!Boxes don't do DNSSEC validation. Regards, Renne