But if a bunch of large, well-staffed, engineering-focused, otherwise competent organizations manage to fuck it up regularly, the problem's probably above the individual organizations. Potentially with the spec itself.
I've seen far more failed certificate renewal failures than DNSSEC failures from the same teams you appear to be suggesting are perfect and the standard is flawed.
The consequences of a failed certificate renewal are much smaller than the consequences of a DNSSEC failure: if you screw up DNSSEC, your site falls off the Internet, as if it never existed.
