Andrew,

> Thus, instead of creating DNS entries containing the IP address of
> each legitimate relay for a domain, the provider can give each
> legitimate relay a certificate that allows them to authenticate
> themselves as coming from that domain. Such a technique would work

no one said that public-key based client authentication was not possible.
it is a perfectly reasonable idea.
they said that it has not established any significant track record of use.
blithely relying on a public key infrastructure ignores approximately
15 years of failure to get one deployed and used on any large scale.
d/
--
Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>