Matt Corallo wrote:
That's great in theory, and folks should be using DNSSEC [1],
Wrong.
Both in theory and practice, DNSSEC is not secure end to
end and is not very useful.
For example, root key rollover is as easy/difficult as
updating IP addresses for b.root-servers.net.
Masataka Ohta
