On Fri, 12 Jun 2009, Christian Huitema wrote: > > The only "secure" solution that we could deploy uses large numbers > instead of names, where the number is essentially a hash of a > self-signed certificate. That works, for some definition of working: if > you know what number to retrieve, you will get an authoritative answer. > But that means using large numbers instead of short friendly names, and > thus is not very "user-friendly". Another alternative is to use local relative names instead of global names, as in the Unmanaged Internet Architecture. http://pdos.csail.mit.edu/uia/ Tony. -- f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf