It doesn't seem like bullshit to me to make sure that people claiming to be someone are actually them, and others who claim otherwise are not. With the anonymity the Internet brings, I find comfort in knowing that the URL I type in my browser is actually the endpoint I wish to receive. If that takes humans to deal with, so be it.

If that brings you comfort, then you should not be comforted as registrars will not do what you're describing.

Domain squatters, bitsquatters, impersonators etc. create shell companies and run rampant without consequences, and the most companies can try to do is buy up all the TLDs with their name and hope some don't fall through the cracks. It is literally just racketeering.

They can file a legal/beurocratic action, but by time it goes through the damage has already been done to their customers in the form of phishing and MITM attacks.

Not to mention that DNS (excluding finnicky DNSSEC) just maps a domain to an IP address. It's not a public key. You could have your connection middlemanned by your ISP or some 3-letter agency and you would be none the wiser. All the actual security is provided by the PKI.

> If that brings you comfort, then you should not be comforted as registrars will not do what you're describing.

That's not true, just depends on the TLD.

> Not to mention that DNS (excluding finnicky DNSSEC) just maps a domain to an IP address. It's not a public key. You could have your connection middlemanned by your ISP or some 3-letter agency and you would be none the wiser. All the actual security is provided by the PKI.

PKI you can't trust if nobody can trust the DNS.

In practice, nobody trusts the DNS, so this can't really be true. Not trusting the DNS was a design goal of TLS.

That is after issuance though. In this context, if it's your name server that can't be trusted, it's very difficult to bootstrap.