On Wed, Dec 29, 2010 at 02:56:35PM +0000, Tony Finch wrote: > On 28 Dec 2010, at 22:46, bmann...@vacation.karoshi.com wrote: > > > > IMHO, key management should be able to use an OOB channel > > when the in-band is corrupted or overlaoded. Reliance on > > strictly the IB channel presumes there will be no problems > > with that channel. EVER. For me, I don't want to take > > that risk. YMMV of course. > > If normal DNS resolution fails to work then there's no point in getting the > keys from another source since there's no data for them to validate.
oh resoultion works a treat. its the validation that gets hosed. :) --bill