nThe DNS does not have Certificate Revocation
Lists
uThere is no way to explicitly say: Do not trust
that KEY
nBut it is closest to a globally secured
distributed DB
uIPsec
distribution of key material
Fopportunistic keys; if there is a key in the DNS
and nothing better weÕll use
it
udiscussions on using the DNS for key
distribution
u<keydist@cafax.se>