TLSA records do not have that capability, and, more importantly, the root of trust for TLSA records are organizations controlled by the government. The "Five Eyes" partnership can replace signatures for any DNSSEC domain in .COM, .NET, .ORG, .EDU, .UK, .AU, and .IO.
Your arguments do not make sense as a coherent whole. Any one may not be wrong in itself, but the problems described are either not inherent to secure DNS, or are something that is much worse with every other proposal (including keeping today's system).
1. Your main argument is that the NSA and its cohorts have control over a handful of the many top-level domains available. But the same control that would allow them to take control over domains and generate valid DNS signatures for them does allow them to generate valid certificates in every proposed global PKI system, including today's. There is literally zero difference in attack space here.
2. Several of the current CA institutions are under government control. Any one can generate a valid certificate for any domain. It can be done without a trace of evidence. The same active attack against a DNSSEC signed TLD would by necessity be much more visible.
3. Given that DV PKI is what TLS relies on, any adversary that can modify DNS packets in-flight can also create a valid TLS certificate today. We know these attacks are taking place from the Snowden documents.
4. An attacker can choose which CA to attack, and pick the one that is easiest to fool, does not participate in Certificate Transparency, etc. There are literally hundreds to choose from. You can mount an attack in advance. Stuxnet suggests this is routine.
5. There are no alternatives that solve what secure DNS does. Key pinning and HSTS are important, but offer a trust-on-first-use model that can at best be complementary to a PKI. It is also important to note that HSTS shares the same deployment problems DNSSEC does. One mistake and your web server and domain are inaccessible. That is the reason none of the banks offer either HSTS or DANE. At least my bank signs their domain, so their step should be small.
The smoke-and-mirrors argument that DNSSEC gives governments control over "their" top-level domains, when in fact it makes the scope of their control much smaller and more well defined, would be expected from someone who wants to maintain the status quo as long as possible.
1. That example is not very useful. It's hard to blacklist .com, but it's even harder to blacklist Verisign. (Which by the way runs all of .com, and they have full power to delegate any domain and any certificate to anybody. This is not a theoretical attack.)
2/3. If you mean the FAQ you wrote yourself, it's misleading at this very point.
4. Pinning is useful, but it isn't a PKI. It's equally useful no matter how you issue certificates.
5. Domain name delegation is one of the Internet's weakest points today. Cryptographic assurance of domain ownership would be very useful for a number of reasons.
Forged DNSSEC replies are inherently more public than forged TLS certificates; anybody can log the results and publish them.
And by doing so, the world would have evidence that somebody in that trust chain for that TLD has been lying. For TLS, that could be any CA in the world, which means that the number of single points of failure for services on DNSSEC is waaay lower. Because with DNSSEC you at least can choose who has the capability of forging results; with TLS alone that's all of the CAs.
And why couldn't one combine the approaches anyway, using DNSSEC+DANE with certificate pinning? How would that possibly reduce security vs using standard DNS?
It seems crazy to me that, after years of hyperventilating about the implications of the Snowden disclosures, anyone could take DNSSEC seriously. But people do!
At this point, I'm just recapitulating things I've already written, so:
http://sockpuppet.org/blog/2015/01/15/against-dnssec/