On Sep 12, 2013, at 2:35 PM, Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote: > It would work just fine if the attacker did not mind if the surveillance was detected or actually wanted people to know they were being watched to intimidate them. Yup,neither PKI nor DNSSEC address that threat model. For that you need really good steganography or other covert channels. Probably too specialized for us.