[lmm]

Not so long ago less than 5% of hosts were using HTTPS. But we're now in a world where being HTTP-only (or being HTTPS but not having a valid chain of trust signing your certificate) is unusual and suspicious, and presumably we believe that while that was something that had to be pushed out by browser makers etc., it ultimately benefits users. I would hope DNS will eventually go the same way for the same reasons.

[tptacek]

The adoption curve, in addition to being a decade and a half back from DNSSEC at that point, was also the inverse of DNSSEC's: the most popular sites on the Internet generally used HTTPS, and the least popular sites on the Internet dominate DNSSEC, with only 4.5% of the Tranco Top 500k being signed. And DNSSEC is the older protocol! Respectfully, the comparison is risible.