Under DANE the responsibility for securing domains in .example falls to the .example operators, the very same people _getting paid_ by whatever.example. This is a much more satisfying arrangement. Most likely .com will continue to be run very poorly but other domains can choose to do better, which today is futile at least in respect of security.
And as a bonus you get the thing CAcert wanted most of all, which is that everybody can have working PKI at potentially zero cost. That can never happen (as CAcert's experience illustrates) under the current regime.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds