In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g...@mail.gmail.com> you write: >Swapping the DNS cabal for the CA cabal is not an improvement. Right? They >are really the same arbitraging rent-seekers, just different layers.
The models are different. If I want to compromise your DNS I need to attack your specific registrar. If I want a bogus cert, any of the thousand CAs in my browser will do.