Paul, I think the simple argument here is that, in the DNS, the parent is authoritative for (DNS) names it assigns to nodes below it, period. This differs from the browser PKI model (let's not dump on X.509 for this truly awful PKI design), where any TA can issue a cert for any name.
Steve _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
