It's a plausible suggestion that all services that provide basic critical infrastructure for the Internet (e.g. DNS, Certificate Authorities, ISPs and network providers) should have a very high level of security testing given their attractiveness to attackers.
the only problem is... who's going to pay for it? the CA model and the DNS model tend to be a very low-cost one which means there's unlikely to be the kind of money available to pay for expensive red-teaming on a regular basis, let alone running infrastructure that would resist their attacks..
the only problem is... who's going to pay for it? the CA model and the DNS model tend to be a very low-cost one which means there's unlikely to be the kind of money available to pay for expensive red-teaming on a regular basis, let alone running infrastructure that would resist their attacks..