> If explicit trust is required I agree, but in the DNS case we already > have a singly-rooted tree that everyone relies upon. if you want to > use the word "trust" then we all trust the root for DNS, but I think > the term is not applicable here. I think the word "trust" accurately reflects the situation. People do trust the current DNS to some degree. The danger of a DNS-based PKI is that people will invest far more trust in the DNS PKI than is warranted, and/or that the root and/or TLD servers will abuse that trust. Recent history demonstrates that such abuse is likely. Keith