I've been doing a lot of IPv6-related hacking recently, and of course
participating in this discussion about DNSSEC as a solution to MitM
attacks, and it occured to ask whether ip6.arpa is signed. It looks
like it's sort of half-signed - if I query the right authoritative
server, I do get a signed response, but most of the servers
authoritative for ip6.arpa do not respond with signed responses.
Since not everybody responds that way, it's effectively not signed.
How come? There's no giant user base whose ox will be gored here.
It seems like a no-brainer.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop