Phillip Hallam-Baker wrote:
>
> The weakest DNS architectural idea is the notion that DNS resolvers are
> untrusted. This is simply wrong. Every DNS resolver performs a trusted role.

Nope, just the opposite.

Name to address translation is meant to be an extremely lightweight and fast service. Hostnames are NOT supposed to be trusted in any way and it is a serious misconception to think they're trusted.

If you want to authenticate your peer, use something like an SSH host key.

The routing of datagrams on the internet is also untrusted, so any notion that a service that translates hostnames into IP-Addresses should be trusted is fatally flawed and is totally ignorant about the fundamental architecture of the internet.

-Martin

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf