> I just don't like the notion of deploying a brand new system

you want certificates etc? or did you plan to reuse dns keys?

if the former, then all you are discussing is changing the transport to make routing security rely on dns and dns security. not a really great plan.

if the latter, then you have the problem that the dns trust model is not congruent with the routing and address trust model.

randy