One key point though: even if DNSSEC was deployed from the root, and a
trusted copy of the root key was the client, the search path/default
domain must *also* come from a trusted source.
Currently, default domain/search path often comes from DHCP, and for
nomadic laptops where the relationship to the local network is often
casual at best, this is likely to be a mistake.
- Bill
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
