Yes, I completely agree that DNSSEC can provide a basis for a simple-to-use PKI. I wrote Easier Email Security is on the Way? back in 2002, outlining this. I think you could use DNSSEC to get keys for domains, and then other protocols (such as LDAP) to get public keys for individual users.
It's sad that it's taken so long to get DNSSEC mature. But it's finally starting to get out there. It's finally becoming possible.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds