Doesn't matter if it's multiple keys or multiple orgs signing one key, it's the notion that other folk besides the domain admin have any say in signing the zone that is troublesome. Geoff Huston has it spot on: http://www.circleid.com/posts/dnssec_once_more_with_feeling/ "Signing the DNS root appears to remain a political question rather than a technical question. For as long as there are folk who equate their unwavering desire to express their interest in the politics of the administration of the DNS with an undeniable conviction that they or others deserve a right of veto in the administration of the root zone of the DNS via their interest in a share of the control of the DNS root key, then this may well remain an intractable political problem. Sigh." . . . "Surely the answer to signing the DNS root is one that has been staring us in the face since the start of this entire DNSEC effort. As with all zones, it the role of the zone administrator to generate the keys and sign the zone file. In the case of the root zone of the DNS its back to the IANA to just do the job and let the rest of us move on."