Large CAs, including Symantec, are already cooperating with CT. CAs will enroll in CT because if they don't, they won't be able to sell higher-value products (like the EV bar) to their users.
The problems with DNSSEC seem so obvious to me, and, obviously, I have problems taking pro-DNSSEC arguments seriously. I'm curious though; you sound plenty smart. What is it about DNSSEC that you actually like?
Oh, don't get me wrong: I actually like absolutely nothing about DNSSEC.
I just don't think "It has a worse security model than HTTPS" is a true statement. I think smart people need to keep working on the authentication problem, because we clearly have not solved it yet -- including with DNSSEC.
The problems with DNSSEC seem so obvious to me, and, obviously, I have problems taking pro-DNSSEC arguments seriously. I'm curious though; you sound plenty smart. What is it about DNSSEC that you actually like?