On Fri, Jul 03, 2015 at 01:01:43AM +0300, Yoav Nir wrote: > > Mallory can often trigger DNS lookups for her own domain, which > > can return IP addresses that collide with Alice's domain. How > > is that handled? > > RFC 4025 and Wikipedia suggest mapping the IPSECKEY record to the address > through reverse DNS. I don?t know in what percentage of the Internet that > would work.
Exceedingly little, it could make more sense at that point to just publish the keys under in-addr.arpa. -- Viktor. _______________________________________________ dane mailing list dane@ietf.org https://www.ietf.org/mailman/listinfo/dane