Dickson, Brian wrote: > In order to subvert or redirect a delegation, the TLD operator (or > registrar) would need to change the DNS server name/IP, and replace the DS > record(s). Only to a victim to be deceived. > This would be immediately evident to the domain owner, when they query the > TLD authority (delegation) servers. Wrong. The domain owners can't know some victims are supplied faked data. Masataka Ohta