For example, if the fans like a content creator, but they feel he charges too much and it takes too long to get the content legally, the $I cost of the content has just gone up.
I disagree. The integrity cost represents how good or bad one feels about acquiring the content in a given manner. If the fans like a content creator the integrity cost of a legal purchase goes down, not up. An expensive and time-consuming legal purchase option has high monetary and time costs; those parameters do not affect integrity cost. In this case the high monetary and time costs may outweigh the lower integrity cost and make a legal purchase less attractive than pirating, but the integrity cost is still low.
I think you've misconstrued the issue with routers. The only way in which DNSSEC will affect most provider devices (including true layer 3 routers) is by increasing the size of DNS packets. For almost all devices that shouldn't be a problem. ISPs, then, shouldn't have to upgrade their infrastructure much beyond their nameservers.
Where DNSSEC could become a problem is the ALG in NAT gateways (including home routers), which is responsible for parsing DNS responses to determine which masked computer they're intended for. Poorly implemented ALGs may be confused by DNSSEC packets. I suppose it's also possible that some gateway devices include a caching DNS resolver or some sort of DNS proxy that would need to be updated, but I've personally never seen one. DNSSEC is not exactly a new protocol, however. Most reasonably new hardware should support it.
Turning on DNSSEC too early won't break the Internet. Legacy clients will simply continue to use regular, unsecured DNS. Rolling out DNSSEC won't do anything to change that. While it is true that clients configured to require validation will fail if the recursive resolver doesn't support it, that's a per-client setting and can easily be disabled.
All of that is largely irrelevant to the discussion of SOPA. Your post seems to be insinuating that DNSSEC is not ready and thus we have time to fix it. Unfortunately, SOPA doesn't just break some implementation detail of DNSSEC as the MPAA seems to think. It breaks the very idea of DNSSEC. It enshrines in law the idea that the recursive resolver must lie to the client, which is exactly what DNSSEC was designed to prevent.
Integrity Cost
I disagree. The integrity cost represents how good or bad one feels about acquiring the content in a given manner. If the fans like a content creator the integrity cost of a legal purchase goes down, not up. An expensive and time-consuming legal purchase option has high monetary and time costs; those parameters do not affect integrity cost. In this case the high monetary and time costs may outweigh the lower integrity cost and make a legal purchase less attractive than pirating, but the integrity cost is still low.
Re:
I think you've misconstrued the issue with routers. The only way in which DNSSEC will affect most provider devices (including true layer 3 routers) is by increasing the size of DNS packets. For almost all devices that shouldn't be a problem. ISPs, then, shouldn't have to upgrade their infrastructure much beyond their nameservers.
Where DNSSEC could become a problem is the ALG in NAT gateways (including home routers), which is responsible for parsing DNS responses to determine which masked computer they're intended for. Poorly implemented ALGs may be confused by DNSSEC packets. I suppose it's also possible that some gateway devices include a caching DNS resolver or some sort of DNS proxy that would need to be updated, but I've personally never seen one. DNSSEC is not exactly a new protocol, however. Most reasonably new hardware should support it.
Turning on DNSSEC too early won't break the Internet. Legacy clients will simply continue to use regular, unsecured DNS. Rolling out DNSSEC won't do anything to change that. While it is true that clients configured to require validation will fail if the recursive resolver doesn't support it, that's a per-client setting and can easily be disabled.
All of that is largely irrelevant to the discussion of SOPA. Your post seems to be insinuating that DNSSEC is not ready and thus we have time to fix it. Unfortunately, SOPA doesn't just break some implementation detail of DNSSEC as the MPAA seems to think. It breaks the very idea of DNSSEC. It enshrines in law the idea that the recursive resolver must lie to the client, which is exactly what DNSSEC was designed to prevent.