On Sun, Apr 11, 2021 at 12:20:28AM -0400, Phillip Hallam-Baker wrote: > Only VERIFYING digital signatures provides security. And nobody knows what > to do when DNSSEC validation fails so nobody really does it This is false both in premise and conclusion. I was tempted to ignore the rest of the post, but ... > On the trust root issue. Alice should be the root of trust for Alice, Bob > should be the root of trust for Bob. That is what I have been building. And > with an application that secures data at rest without rendering it unusable. I concur that the mesh is a good idea worth pursuing, you don't need to try to prove everything/everyone else wrong in order be right. If the mesh some day also ends up authenticating not only individuals but also network services, so be it. I hope it works out. -- Viktor.