g'day,

John Stracke wrote:
>
> >Such software would not see this kind of data unless a user
> >of the server tried to use this stuff, and in that case I don't see
> >why that user couldn't upgrade her own software to get it to work.
>
> Because it's not their software? If I wanted to do PKI through DNS, and my
> ISP's server did not support TCP, I might be stuck. Personally, I don't
> depend on my ISP for DNS, but many users do.

So users wanting this new service will be pretty motivated to switch DNS servers when the time comes, what's the big deal in that?

Somebody (I think it was Keith) suggested earlier in this thread that nobody should be trusted with the single PKI root. Maybe the same sentiment applies to DNS roots, as well?? Certainly it would seem to apply to trusting them with a single DNS service provider at the subroot level...

(As he hides behind blast wall, to avoid flying shrapnel... ;-)

- peterd

--
-----------------------------------------------------------------------
Peter Deutsch                                      peterd@earthlink.net

"I had to do an assignment on wild animals, and I decided to do my
report on alligators. To complete my research, I took a trip to the
zoo. I wanted to make a day of it, so I took along my pet dog. I
figured we could throw a little frisbee, enjoy the sun, but boy was
that trip a disaster. I had to tell my teacher that my homework ate
my dog..."
-----------------------------------------------------------------------