[teddyh]

That blog post is five years old, and most of the things it lists are now moot.

[londons_explore]

True, but dnssec is still going nowhere...

The future seems to be HTTPS with domain-validated certificates over insecure DNS, or even dnssec but doing the http challenge over an insecure network.

Great for state actors to inject malware into any site...