Yet another Quadruple DNS?

Scott Weeks surfer at mauigateway.com
Tue Apr 3 22:07:27 UTC 2018


--- bortzmeyer at nic.fr wrote:
From: Stephane Bortzmeyer <bortzmeyer at nic.fr>

 Rich Kulawiec <rsk at gsp.org> wrote 
 a message of 10 lines which said:

> Watch what you wish for: you might get it.  The number of
> attack/abuse vectors (and the severity of their consequences for
> security and privacy) involved in doing auto-update may rival those
> involved in not doing auto-update.

Also, there is the risk of getting updates that will disable some
features, if there is a change in the commercial strategy of the
vendor
<https://boingboing.net/2016/09/19/hp-detonates-its-timebomb-pri.html>.
All these risks are documented in RFC 8240, a highly recommended
reading.
-------------------------------------------


Regarding the HP example story, won't natural attrition fix this?  My 
stuff has been in storage for well over a year for various reasons and 
if I pull out my HP printer (which has non-HP cartridges) and it does 
this to me, I surely won't get another one.  I'm also sure I'd be the 
norm on this as it would anger other non-technical HP customers, as 
well.  (I was on the fence with HP anyway as they try to take over my 
equipment too much)

scott


ps. Who knows, I don't let my printer talk outside my network anyway, 
so maybe I didn't get the update.


More information about the NANOG mailing list