On Wed, Dec 29, 2010 at 02:56:35PM +0000, Tony Finch wrote:
> On 28 Dec 2010, at 22:46, bmann...@vacation.karoshi.com wrote:
> >
> > IMHO, key management should be able to use an OOB channel
> > when the in-band is corrupted or overlaoded. Reliance on
> > strictly the IB channel presumes there will be no problems
> > with that channel. EVER. For me, I don't want to take
> > that risk. YMMV of course.
>
> If normal DNS resolution fails to work then there's no point in getting the
> keys from another source since there's no data for them to validate.
oh resoultion works a treat. its the validation that gets hosed. :)
--bill
