Just to be clear... you're saying the benefits of universal DNSSEC outweigh the costs, even for smaller (and less financially capable) TLDs. (And there will certainly be costs to implement, even if the software itself is free...)
If you'd asked me a year or two ago, I would have said no, but now I think it does. It requires some expertise, but at this point, anyone who can't figure out DNSSEC has no business running a TLD. "Less financially capable" doesn't mean less smart, just perhaps less trained which is straightforward to fix. Also, some of the DNS attacks which seemed hypothetical have now turned out to be more practical than we thought, and there are some useful things you can do with domain names with DNSSEC -- a name with a DNSSEC chain back to the root is as secure as an SSL certificate, at typically much lower cost. That might well turn out to be attractive for people with less money. And finally, if you think that everyone will eventually need DNSSEC, which I do, it is vastly easier to design it into your systems from the beginning than to try to retrofit it to something that's already running. So new registries should just do it. It's not that hard, and the potential benefits are significant. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly