Comment by sjamaan
Good point regarding registrar. Thinking a bit further, there's also the top-level domain: if that's under US control (eg .com), it could still be yanked away from you.
Good point regarding registrar. Thinking a bit further, there's also the top-level domain: if that's under US control (eg .com), it could still be yanked away from you.
.onion might be exempt but while the TLD "." is anycast worldwide for the actual DNS service, Verisign still signs the cert. Isn't that a show-stopper for dependencies on dns-over-https or https altogether or do .cn, .ru, .ir etc all add/replace with their own independent signatures ?
This is a massive risk that will affect half the internet or so.