>The only way you could do that sort of thing with DNS records is if
>you were doing something like S/MIME and you had a LRA for the domain
>with its own root or intermediate cert and published an authenticator
>for that in the DNS. then you could put a link to your directory where
>account granular lookup can be performed in the DNS next to it.

Ah, you mean like draft-bhjl-x509-srv-00

R's,
John