[lenish]

That's not actually true. There have been several documented examples now of people injecting stuff into HTTP requests when they pass by (ISPs injecting notifications, ads, people running proxies injecting malicious javascript, etc).

[peterwwillis]

It's completely true. This content would never be targeted for MITM.

It's a dashboard for displaying the global locations of DNS root servers and links to their authoritative organizations. Not only is this an incredibly niche site, all DNS root server information is replicated around the world by multiple organizations. Nobody uses this site to maintain their DNS trusts, it probably gets incredibly low traffic, and going out of your way to MITM it would be a lot of work for no payoff. This is a terrible target. Nobody would bother.

[lenish]

It's not strictly about targeted attacks. There are people who modify unencrypted content that passes through their system regardless of what content it is. There have been several presentations on this topic, but I'll link the slides for one [0]. Here's an article about an ISP injecting ads in case you don't think this sort of thing happens in real systems [1].

[0] https://www.defcon.org/images/defcon-17/dc-17-presentations/...

[1] http://arstechnica.com/tech-policy/2013/04/how-a-banner-ad-f...