>    I am also fairly skeptical about solutions like this being
>    "generally" useful for client auth, due to the very low penetration
>    of DNSSEC deployment 

It would be a lot easier if instead of [client-domain-name] it would be
[identity-provider-domain-name]. Under the assumption that organizations
that can provide identity can also handle DNSSEC.


_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to