On Tue, Feb 24, 2015 at 1:22 PM, Simo Sorce <simo at redhat.com> wrote: > Sorry, but if you are using DNSSEC, MITM is not a problem, so > unfortunately I do not understand your concerns with more info on the > assumptions you are making. The proposal did not mention DNSSEC. I'm saying you'll need to say something about at least that.