On Fri, Jul 03, 2015 at 01:01:43AM +0300, Yoav Nir wrote:
> > Mallory can often trigger DNS lookups for her own domain, which
> > can return IP addresses that collide with Alice's domain. How
> > is that handled?
>
> RFC 4025 and Wikipedia suggest mapping the IPSECKEY record to the address
> through reverse DNS. I don?t know in what percentage of the Internet that
> would work.
Exceedingly little, it could make more sense at that point to just
publish the keys under in-addr.arpa.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
