I'm not qualified to say much about the legal aspects in any country, though the
combination of big companies and technology often makes for a lack of reason in the
But your DNSSEC solution does nothing to protect against the ISP doing a MIM attack.
The scenario I was talking about doesn't depend on DNS forgery at all. That's the
advantage the ISP has that other attackers don't have.