Martin Rex wrote:

> DNSsec, as far as I can see, does not use a PKI in the traditional
> sense. There are _NO_ persons involved in the process,

FYI, zones are operated by people.

I can forge a key of your zone. I can, then, ask a person operating
a parent zone of yours to issue a valid signature over the forged
key.

Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf