> Somebody (I > think it was Keith) suggested earlier in this thread that nobody should > be trusted with the single PKI root. Maybe the same sentiment applies to > DNS roots, as well?? no, it doesn't follow at all. you need a unique root (of some kind) to prevent name conflicts - mutual self-interest among competitors does not suffice to do that. OTOH a distinguished root CA is a Very Bad Idea. Keith