feature survey -- bind9 dnssec -- autogenerate missing signatures
Paul Vixie
vixie at isc.org
Thu Sep 4 17:21:48 UTC 2008
> But, just remember: you haven't introduced any new attacks by having
> the key available, unencrypted, on the DNS primary.
well, this is far afield from bind itself, getting into the overall topic
of dnssec operations, but i disagree. one of the things dnssec is supposed
to result in is dnssec-aware applications that behave differently in the face
of signed results. these new behaviours create a new collective risk, such
that a breakin to the primary server without dnssec won't be "as risky" as a
breakin to the primary server with dnssec. but that's in the future, when
dnssec is ubiquitous and dnssec-aware apps actually exist. for now, the above
statement is operable.