[tptacek]

This debate plays out like a go joseki. Predictably, we've reached the part where the pro-DNSSEC side says, in effect, "NSA controls the Internet anyways, so it doesn't matter if we give them more control".

Sorry, I have a problem with the deployment of entire new Internet cryptosystems that grant NSA huge privileges by design. A decade of crypto engineering may have instilled an irrational bias against broken, compromised cryptosystems. To me: crypto should be something that makes NSA's job harder, not easier.

We may be at an impasse.

[nly]

I'm on your side, really. It's only my cynicism that puts me on the 'fuck it, if we're going to have DNSSEC let us at least leverage it well' side of the fence. That's exactly the same attitude as HPKP and HSTS in HTTP: 'Well HTTP sucks, let's see what we can do'.