First, the proper comparison for X.509 trusted sources is between the root anchor and the browser vendors not the specific trust sources chosen by Mozilla (or Microsoft or whomever).
Second, we can tell how many entities we have to trust, and the author just counted them: Mozilla's 177 delegates. Arguably, with DNSSEC, we can't tell how many entities to trust: how many zones has `com.` signed?
Third, X.509 allows the signing of arbitrary names largely because DNS isn't trustworthy. (And also because DNS isn't the only naming system people care about.)
Finally, with only one trusted path, there is only one place you need to attack to fool everyone.
You are inverting your second question. Every zone that we trust 'com.' to sign can only be singed by Verizon. There's one single point of trust here, you know what it is, and can choose what point you want when getting a domain.
About that one trusted path, you are also inverting the issue. With X.509 there are 100 places you can attack, any one of them being enough to fool everybody. With DNSSEC you have one single place (more like 3) you can attack, and can only fool people about a limited number of sites.
Really, DNSSEC is objectively better than X509, as for every flaw in DNSSEC, there is one equal or worse equivalent flaw on X509. Except of course for the issue of publishing all the signed names, that is a different trade-off between DoS protection and obscurity, so you can have a subjective opinion about.
* The CA system is not overtly delegated to governments, and the top level domains of the DNS tree are.
* Most of the world's most popular and privacy-sensitive websites are locked into domains controlled by governments with aggressive signals intelligence programs.
* CAs are revokable without global coordination, and DNS zones are not, so if an DNS zone owner begins misbehaving, there will be few options to restore trust.
* Modern X.509 doesn't merely rely on the CA tree, but also on (a) pinning and soon (b) CT logs, both of which create Internet-wide surveillance systems that make it extremely risky to subvert TLS sessions using compromised CAs.
* For that matter, pinned certificate take X.509 almost entirely out of the equation for sensitive sites like Google Mail; attempts to MITM Google are probably what caused the last few CA compromises to be detected.
* The cryptography in DNSSEC dates back to the 1990s; even the variant of RSA that it uses is obsolete.
(I assume you meant to s/Verizon/Verisign/ there.)
Are you saying that if I don't trust [current .com delegate] to manage my naming authentication, I can choose .ly or .io instead? I was trying to point out that DNSSEC can't do anything about googIe.com or similar i18n-style attacks.
I'm glad that TACK exists, and I'm glad people like tptacek are advocating for it. But DNSSEC and X.509 aren't the only two possibilities for the future of secure infrastructure.
Funny thing that TACK and the Google project for certificate transparency have exactly the same failure point of DNSSEC, in that both will make all the names public.
TACK is great. Google's certificate transparency isn't. And, yes, we need more proposals. The more, the better.
It's not just the trustworthyness of the browser vendor, but the scope. Any of the 177 delegates are trusted to sign for any domain on the internet. Further, those 177 delegates can mint CA=True certificates for anyone they like and our browsers trust those subordinates by default. That's what the author means by we can't know how many CA's we trust.
With DNSSEC there is one public key hash stored in the com zone which authenticates the public key for the paypal.com domain.
With many possible trusted paths for validation you only need to attack the weakest one, and because CA's are not restricted in what domains they can sign, you will still fool everyone.
First, the proper comparison for X.509 trusted sources is between the root anchor and the browser vendors not the specific trust sources chosen by Mozilla (or Microsoft or whomever).
Second, we can tell how many entities we have to trust, and the author just counted them: Mozilla's 177 delegates. Arguably, with DNSSEC, we can't tell how many entities to trust: how many zones has `com.` signed?
Third, X.509 allows the signing of arbitrary names largely because DNS isn't trustworthy. (And also because DNS isn't the only naming system people care about.)
Finally, with only one trusted path, there is only one place you need to attack to fool everyone.