> On Mar 13, 2016, at 1:11 PM, John Levine <johnl@xxxxxxxxx> wrote: > >> Given that the DNS RR in question is something the end user has to >> explicitly request, ... > > Uh, what? The DNS is under control of the domain owner, not the end > users. A misreading of the comment. The "end-user" in question is the one doing the lookup, not the one whose key is published. Paul is making no claim about how the published key got there... -- Viktor.