Matt Corallo wrote: > That's great in theory, and folks should be using DNSSEC [1], Wrong. Both in theory and practice, DNSSEC is not secure end to end and is not very useful. For example, root key rollover is as easy/difficult as updating IP addresses for b.root-servers.net. Masataka Ohta