So, let me know what you think about the 'multiple independent signing authorities' concept as a way to deal with the sole (per zone) global trust anchor issue you raised; if that doesn't work, I'll see if I can come up with something better.
Noel, the importance of DNS for most of today's Internet traffic is IMO an indication that a similar dependency on a mapping system -- which your proposal would bring about -- may well be acceptable. It is certainly true that a dependency on DNS is less critical than a dependency on an address mapping system because the former does not directly affect IP connectivity. (I brought up this argument myself.) But this difference in criticality may be negligible given that most of today's use of the Internet would still fail if DNS misbehaved. I do not (yet) have a strong opinion on this matter, however. I brought it up in order discuss it and get a better understanding. Would be interesting to hear also other people's opinion about it. - Christian -- to unsubscribe send a message to rrg-request@psg.com with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg