Comment 155 for bug 308181

After 14 years this is still open. What I can't figure out is why not having DNSSEC with RFC 6186 is seen as such a big problem while the currently implemented [Autoconfiguration](https://wiki.mozilla.org/Thunderbird:Autoconfiguration) feature gets the information from plain HTTP URLs. Both methods are identically vulnerable to MitM.