DNSSEC issues at the table:
Delegation Signer: good, but good enough to warrant further delays?
Opt-In: sensible compromise or a road-block in disguise?
APPKEY: how to store non-DNS keys in DNS?
Signing the root: the problem, the need and the management issue