Wow, this is an extremely serious vulnerability. People writing it off because it requires MitM. There's always a MitM, the internet is basically a MitM.

▲

webstrand 2 hours ago | parent [-]

MitM isn't even necessary, a rogue DHCP server configuring a malicious DNS could attack this.

	▲	burnt-resistor 43 minutes ago \| parent \| next [-]
		That's still a MITM, albeit a LAN-local one. Non-LAN WAN isn't the total scope of MITMs.
	▲	kortilla 43 minutes ago \| parent \| prev [-]
		That is a form of MiTM. It’s just changing DNS to IP bindings rather than IP to MAC or prefix to ISP.