[crosser]

> DNSSEC operators can be strong-armed the same way. You will also lose out on transparency logs.

Kepping DNS registry, CA, and hosting in different jurisdictions could be a noticeable improvement...