As far as DNSSEC, a trust model following the domain hierarchy is currently being pushed

did dnssec drop cross-auth? cross-auth specifically allows non-hierarchic trust which allows one to 'subvert' the hierarchic model. randy