>And isn't there some danger that this "parallel" root becomes an >attractive target for those who want things to be different than >what's in the "official" root? That is, in effect, isn't this a plain >old alternative root?
I would assume the plan is that the clients use DNSSEC to validate the responses. This doesn't seem notably less secure than the current scheme, given how many networks "helpfully" reroute DNS traffic already. But my question about why not just hijack the address of an existing root stands. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
