
How does DNSSEC give immense control over TLS keys to sites in those TLDs exactly? I think I'm missing something.


The motivating use case for DNSSEC is DANE. DANE stores TLS certificates in DNSSEC-signed DNS records. But the top of the DNSSEC tree is --- de jure! --- controlled by governments.


Wouldn't that require a nation state to:

1. Get a signed CA certificate for your domain at gun-point.

2. Send a forged DNSSEC record?

In which case, it's not significantly worse than the current state? And even though we can't burn a TLD, we can burn the CA that signed the certificate in the first place?

Or is there some magic in DANE that subverts CA verification?


I don't understand your question. If the government can't subvert CAs, DNSSEC is pointless; let's all just rely on the CAs. It can subvert them. Now, what problem is DNSSEC solving?


I'm just trying to understand this attack that you implied.


Yes: assume one of the thousands of CAs you trust has been compromised by NSA.


Okay, so this is what happens:

1. Evil NSA compromises CA in BFE

2. Evil NSA subverts DNSSEC for COM to publish a bad CA certificate

3. Some combination of Google Certificate Transparency + HPKP discovers this, the CA in BFE gets removed from browsers

If your point is "DNSSEC is pointless", OK. But it sounds like you're saying it makes us less secure. I'm just trying to figure out how that could even be.


I'm not sure why your question is being side-stepped, I also had the same wonder. It seems from reading though that the reason this is a problem is CAs are not involved at all in the DANE/TLS scenario. Instead, the X.509 cert. stored in DNS is trusted for TLS purposes simply because it is DNSSEC signed rather than CA issued. However, it seems at this time, no mainstream browser actually supports this natively (some have released plugins).

What I (and you) seem to have assumed was that this was DNS-based certificate pinning, which to me would have made a lot of sense.


> Instead, the X.509 cert. stored in DNS is trusted for TLS purposes simply because it is DNSSEC signed rather than CA issued.

And I would see that as a huge mistake. Requiring two layers of verification (DNSSEC + separate CA) is what I had assumed DNSSEC would do.

Would that stop the NSA? Probably not, but the person who broke DigiNotar wasn't exactly NSA.
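
Added example, not part of the thread or of any participant's comment: a sketch of the RFC 6698 TLSA certificate-usage distinction the two comments above turn on, where usage 1 (PKIX-EE) acts as DNS-based pinning on top of CA validation and usage 3 (DANE-EE) trusts the DNSSEC-signed record alone. The `dnssec_ok` and `pkix_ok` flags, the function names and the placeholder certificate bytes are assumptions of this example; only the end-entity usages are modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass

USAGE_NAMES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}  # RFC 6698/7218
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching type 0 = exact bytes

@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int
    data: bytes

def parse_tlsa(rdata: str) -> TLSA:
    """Parse TLSA presentation format, e.g. '3 1 1 <hex digest>'."""
    usage, selector, mtype, *hex_parts = rdata.split()
    rec = TLSA(int(usage), int(selector), int(mtype), bytes.fromhex("".join(hex_parts)))
    if rec.usage not in USAGE_NAMES or rec.selector not in (0, 1) or rec.mtype not in (0, 1, 2):
        raise ValueError(f"unsupported TLSA parameters: {rdata!r}")
    return rec

def matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare the selected part of the end-entity certificate with the record."""
    selected = cert_der if rec.selector == 0 else spki_der
    if rec.mtype in DIGESTS:
        selected = DIGESTS[rec.mtype](selected).digest()
    return hmac.compare_digest(selected, rec.data)

def accept(rec: TLSA, cert_der: bytes, spki_der: bytes, *, dnssec_ok: bool, pkix_ok: bool) -> bool:
    """Does this TLSA record authenticate the server's end-entity certificate?
    dnssec_ok / pkix_ok are results of validation done elsewhere (assumed inputs)."""
    if not dnssec_ok:
        return False            # a TLSA answer that failed DNSSEC validation is unusable
    if rec.usage not in (1, 3):
        raise NotImplementedError("trust-anchor usages 0 and 2 are not modelled here")
    if not matches(rec, cert_der, spki_der):
        return False
    # PKIX-EE: the DNS record only narrows what a CA-validated chain may present.
    # DANE-EE: the DNSSEC-signed record is the sole authority; no CA is consulted.
    return pkix_ok if rec.usage == 1 else True

# Constructed placeholder bytes standing in for DER encodings (not a real certificate).
CERT = b"constructed-certificate-der"
SPKI = b"constructed-spki-der"
DIGEST = hashlib.sha256(SPKI).hexdigest()
PINNED = parse_tlsa(f"1 1 1 {DIGEST}")    # two layers: CA chain and DNSSEC record
DANE_EE = parse_tlsa(f"3 1 1 {DIGEST}")   # one layer: DNSSEC record only
```

With `pkix_ok=False`, the same certificate is accepted under `DANE_EE` and rejected under `PINNED`, which is the difference between the two readings of DANE in the comments above.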


I feel like I can't answer this without repeating this post:

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

... or its FAQ.



