Nobody likes the WebPKI. But if you posted the private key for any trusted CA on Pastebin, it would be a very big deal. People around the world would get paged, and many of them would actually have to come in to work.
Contrast that with DNSSEC. The root key for the entire Internet, the one they have the secret Stonecutters ceremony to establish, could end up on Pastebin tomorrow and nothing would happen. Nothing would happen the next day either. Weeks could elapse and nothing would happen.
What's more, the comparison holds if you go back a year, 2 years, 10 years. The WebPKI is old (though evolving, unlike DNSSEC, for which things like transparency logs remain defensively evoked hypotheticals), but it has been important throughout it's life.
Hell, the application of DNSSEC we're talking about here is subsidiary to the WebPKI --- it's simply making sure that mail servers speak WebPKI-secured TLS to each other!
Contrast that with DNSSEC. The root key for the entire Internet, the one they have the secret Stonecutters ceremony to establish, could end up on Pastebin tomorrow and nothing would happen. Nothing would happen the next day either. Weeks could elapse and nothing would happen.
What's more, the comparison holds if you go back a year, 2 years, 10 years. The WebPKI is old (though evolving, unlike DNSSEC, for which things like transparency logs remain defensively evoked hypotheticals), but it has been important throughout it's life.
Hell, the application of DNSSEC we're talking about here is subsidiary to the WebPKI --- it's simply making sure that mail servers speak WebPKI-secured TLS to each other!