________________________________________
From: Jorge Amodio [[log in to unmask]]

>DNSSEC is not a magic solution and it's only one of the tools to start building
>a more secure infrastructure, and as McTim said just signing the TLDs don't
>do it, since the "chain of trust" starts from the root.

It doesn't have to start from the root. There can be a Trust Anchor Repository instead. DNSSEC has already been implemented by several ccTLDs and .org