DNSSEC is not safe:
1. It requires centralized trust which can be exploited by governments.
2. It still leaves your domain and PKI in the hands of incompetent rent-seeking registrars who can and do get socially engineered all the time.
DNSSEC is not safe:
1. It requires centralized trust which can be exploited by governments.
2. It still leaves your domain and PKI in the hands of incompetent rent-seeking registrars who can and do get socially engineered all the time.