DNSSEC adoption always felt like one of those things everyone agrees is important, but operational complexity slows it down in practice.

It is absolutely not true that everybody agrees DNSSEC adoption is important. Much of the failure of DNSSEC adoption is operators believing it's not important.

It's a lot like HTTP and every other early internet protocol that existed before the crypto. Everyone agrees that it's a problem, but fixing all the existing infra is really hard and expensive.