> I am also fairly skeptical about solutions like this being > "generally" useful for client auth, due to the very low penetration > of DNSSEC deployment
It would be a lot easier if instead of [client-domain-name] it would be [identity-provider-domain-name]. Under the assumption that organizations that can provide identity can also handle DNSSEC. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
