HTTPS solved a bunch of real world threat models that were causing massive security issues. So we collectively put a bunch of engineering time into making it performant so that we could deploy it everywhere with minimal impact on UX and performance.

▲

indolering 3 hours ago | parent [-]

DNSSEC also solves a bunch of real world threat models that do cause massive security issues. I think we should put that effort into DNS as well.

	▲	tptacek 2 hours ago \| parent \| next [-]
		Somehow they cause these massive security issues without impacting the 95%+ of sites that haven't used the protocol since it became viable to adopt a decade and a half ago. It's just a very difficult statistic to get around! Whenever you make a claim like this, you're going to have address the fact that basically ~every high-security organization on the Internet has chosen not to adopt the protocol, and there are basically zero stories about how this has bit any of them.
	▲	akerl_ 2 hours ago \| parent \| prev [-]
		Does it? I run a bunch of websites personally. I have ACME-issued TLS certificates from LetsEncrypt. I monitor the Certificate Transparency logs, and have CAA records set. What's the threat model that should worry me, where DNSSEC is the right improvement?