Martin Rex wrote:

>> The weakest DNS architectural idea is the notion that DNS resolvers are
>> untrusted. This is simply wrong. Every DNS resolver performs a trusted role.
>
> Nope, just the opposite. Name to address translation is meant to
> be an extremely lightweight and fast service.

DNS has been an extremely lightweight, fast and trustable service.

> Hostnames are NOT supposed to be trusted in any way and it is a serious
> misconception to think they're trusted.

DNS, including but not limited to DNSSEC, has been weakly secure
and is as secure as, for example, the PSTN function for callees to
know the caller's number, which is trusted by most mobile
phone users.

You can just trust network and domain operators of the Internet,
just as you can trust network and E.164 number operators of the PSTN.

Masataka Ohta