So quit trying to be a dead horse that is not even there. If you are so interested in transport layer security, then by all means, encourage, promote, and develop solutions. STCP is one such measure. IPSEC is another. there are many choices. transport level security (integrity, authenticity) are orthoginal to application level security (DNSSEC, SSH, HTTPS, etc) DNSSEC was never designed to provide or assure end to end security as seen at the transport layer. It couldn't, since its not a transport protocol. or is there some subtle nuance that I am missing in your arguement that is being overshadowed by your strident insistance that DNSSEC is not secure end to end. I agree with you that it is not, and I say so what... thats not what it was designed for. -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf