One key point though: even if DNSSEC was deployed from the root, and a trusted copy of the root key was the client, the search path/default domain must *also* come from a trusted source.
Currently, default domain/search path often comes from DHCP, and for nomadic laptops where the relationship to the local network is often casual at best, this is likely to be a mistake. - Bill --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]