Yes you connect to 64 nodes as a vault and perhaps 4 or less as a client (testing right now), So a vault first needs acceptance form a close group to connect, then it can get another few nodes.
Bootstrap (I think this is the part you mean) is done like this
1: A user supplied IP:port + (optional public key)
2: A cache files of previously known nodes IP;PORT and public key
3: Hard coded fall back nodes (maidsafe runs these, community should to) again IP:PORT public key
1: Allows a trusted friend in case of masssive network attack by pretty much anyone and users can fall back to trusted friends. It is a pretty good way of getting on in the first place for really paranoid users.
All should have public keys as well as IP:PORT, this means zero messages are not encrypted, even boostrap messages, so no keys passed in a plain connection, hence no man in the middle attacks.
There are options for the future as well, (every node attempts to create a port 5483 (“live” port)). The idea here is nodes can potentially locally discover other SAFE nodes. This port is not a normal use port but can be handy. It will be tcp and udp and will ultimately get rid of the need for cache node lists or hard coded lists and allow tiny SAFE networks to find each other and connect together, like a virus does. This is our Argentina ant approach (super colony). It is a really interesting area to play thought experiments in.
This is all good, but the hard coded nodes are not good, they should hardly ever be used past first connect (which is fine as its like where you download the software), but still a better approach is discovery.
This is one of the areas I spend a lot of time pontificating away from the crowd really. There are a lot of areas like this which will be invisible to users, but really important.
edit tl;dr
You need one nodes IP:PORT to bootstrap, then the correct IP:PORT is sent to you in secured messages and when the recipients decide they will securely connect (a node must meet certain requirements to be connected to anyone, the node ask and may or may not be accepted in many connections, for instance after 1 million nodes the next node to accept request will be after another 11 million nodes connect, but that is where testing is needed to show this as maths is weak at that part and too complex),