John Stracke wrote:
>
> >> Because it's not their software? If I wanted to do PKI through DNS, and my
> >> ISP's server did not support TCP, I might be stuck. Personally, I don't
> >> depend on my ISP for DNS, but many users do.
> >
> >So users wanting this new service will be pretty motivated to switch DNS
> >servers when the time comes, what's the big deal in that?
>
> The big deal is that some of the more restrictive ISPs may not permit
> customers to bypass their DNS servers. Same as with HTTP interception
> proxies.

And there are multiple possible answers to that sort of behaviour, none of which require technological solutions, since it's not a technological problem. Users can be told "this function is not available from this ISP, change ISPs" and we let the free market do its thing. Operators of such a new service can run DNS servers on different ports for this functionality. There are probably lots of things you could do, but the fact that a particular ISP is behaving in an antisocial manner shouldn't be an issue for this list, should it?

Last week I was told by a relative down in Australia that his ISP still scans for multiple hosts hiding behind NAT boxes. OTOH, one of my ISPs (Earthlink) regularly tries to *sell* me NAT boxes. Neither behavior would seem relevant to the NAT versus anti-NAT debate on this list but I happen to rather like the fact that my ISP recognizes that I want to run this technology and doesn't try to treat me like a criminal for doing so.

Now, it's a bit more tricky when the ISP is doing proxy interception, but frankly maybe we shouldn't be overloading the current DNS service with this. I didn't see anything so far in this thread that would discourage me from using DNS *technology* in this application, but maybe you would definitely want to set up your own root for this service. It would get you out from under the many operational restrictions folks put on DNS for "stability" reasons anyways, and by using a different port you'd find the proxy/interception issues go away, too. Sounds like a win for everybody...

- peterd

--
-----------------------------------------------------------------------
Peter Deutsch peterd@earthlink.net

"I had to do an assignment on wild animals, and I decided to do my report on alligators. To complete my research, I took a trip to the zoo. I wanted to make a day of it, so I took along my pet dog. I figured we could throw a little frisbee, enjoy the sun, but boy was that trip a disaster. I had to tell my teacher that my homework ate my dog..."
-----------------------------------------------------------------------