"Who bears the cost for that?" Assuming you're talking about the costs of signing the root, presumably the organization chosen to sign the root. You appear to be making a significant leap in assuming the costs for signing the root will cause root management procedures to be "systematically revised". I see no evidence to justify such a leap. DNSSEC signing need merely add an additional step to the DNS root management procedures. "Have you been following the DLV and off-tree-signing debates?" You might say that. "Several of the DNSSEC architects are planning on setting up alternate roots because of the Internet Governance impact of DNSSE.[sic]" Who are "DNSSEC architects"? I would not be surprised that some DNSSEC-knowledgable individuals are discussing setting up alterative trust hierarchies due to the political issues involved in signing the root, however this is irrelevant to the assertion that the root management procedures must be systematically revised to implement DNSSEC. "I think you're oversimplifying this a bit" Actually, I'm trying to reduce the hype. DNSSEC is a technical solution to a particular vulnerability in the DNS protocol specification. It is not magic pixie dust that will by itself trigger a revision, systematic or not, to root management procedures. Such revisions _may_ occur, but they are NOT required to implement DNSSEC. Rgds, -drc