ccTLDs discussed this issue at July ICANN. Don't take this as gospel, but I don't think a single medium or large ccTLD is going to implement DNSSEC unmodified.
I know of three that have indicated a rapid adoption of DNSSEC is planned, once the IETF nails the specs. Rumour has it that the IESG has ok'ed them, code is available.... give the registries 3-9months to hammer out the backoffice issues and I posit visable DNSSEC signed zones mid-2005 then there are the other TLDs and the infrastructure stuff... Verisign has an active testbed for signed .NET entries and RIPE is certainly headed in the direction of signed reverse trees.
In fact the Europeans have said their privacy laws would give them grief if they do. They, like .nz, are keen to be able to implement DNSSEC and some of them are working on the patches I referred to. By the end of the year it may be clear what is happening.
Some europeans have said the EU privacy laws are not germaine to the DNS, since personal data is never exposed. Thats in the whois data. And it might be worthwhile to look at the recent APNIC policy of restricting public access to registration data. patches will have to go through the IETF and have code written... there will likely be a several year wait for such to be visable. meanwhile, the number of zones protected by DNSSEC will grow. --- he sez looking into his crystal ball... :)
DPF
--bill