[jve]

> then the entirety of TLS PKI would be entirely redundant...

Don't think I agree with this. TLS is important against MITM scenarios - integrity, privacy. You don't need DNS for this to be abused but a man in the middle - whether that is some open wifi, ISP or tapped into your network any other way.

[cyphar]

If DNS was presumed secure (i.e., secure against MITM at all points in the chain) you could just stuff the public key into a DNS record (a-la DANE) and remove the need for PKI. There would be no need for the authentication provided by CAs, but you would still want to use TLS. Some might argue DNSSEC solves this already, I'm not particularly convinced it's any better than the original CA cabal.

[catlifeonmars]

TLS != the current TLS PKI, which is the distinction GP is making I think.

Although tbh I think that just moves the problem somewhere else (which is perfectly fine if you don’t like the current PKI).