yeah. seems legit.
well some thing that have no real importance and/or personal info need neither auth nor crypto, or as I said where authentication would be useless anyway e.g. in point to point connections also many places where you dont encrypt might or might not need authentication, for example I dont care if somebody sees me downloading teamviewer, VNC or whatever but I certainly dont want that that stuff gets tampered with, and in certain high performance scenarios where privacy is not an issue but it should be tamperproof auth without crypto might come in handy as well because you dont need to crypt and sign but only sign.
technically authentication even happens in normal life, for example when you speak with a friend and he has a clearly different voice you know that something is wrong.
but in internet connections authentication is important on most sites especially considering that you enter personal data at many places (even if it’s just a password only for that site)
also about the intresting encrypt or not part:
with DNS and DNSSec I think the authentication is important no matter whether the stuff gets sent encrypted or not (and they are taking it seriously, they take SEVEN people every 3 months to sign the new DNS Root Zone keys while the key signing key is locked tight at all other times, and to transfer the actual key we need even more ppl, let me see all 7 crypto officers, the 2 safe admins, the internal witness plus the ceremony admin, making eleven people for that thing.
one main reason why DNSSec doesnt need to be crypted is that the DNSSec then has the problem of how we work the crypto keys and so on, which gets a it annoying, especially since I think that CAs as they are now are a bad model in general (as I said earlier anyone can certify anything) because it makes misissuances easy enough (we remember verisign/symantec, do we, oh and now bluecoat (maker of mitm hardware) has their own intermediate cert which has no restrictions aside from pathlen 0 which means they can make domain certs as they want.
also a very important point as I said the level of authentication should be reasonable. in enough cases it would be even enough if they are authenticating by their domain or even going a bit weirder a socialnetwork username/ID (obviously one that CANNOT be changed or taken again by another person) so I would know for example (important this is fictional) that a person who would go by “linuxabc” on google+ makes a software and has a forum related to that, I dont need to know the real name of that person since that isnt shown to me in most occasions anyway. in that case an identity cert would bring me nothing since I cant establish the connection between the person where I know the stuff come from (linuxabc on google+) even if I knew that the operator is called “John Smith” (especially in cases of very common names it helps even less, not to forget that the name of a person can change easily by marrying which could lead to confusion if the people) an there it would be more helpful to have the identity link by their online identity.
so the question is also where you put the “identity link” as I like to call it.
even if your name would be in the EV cert you have instead of comodo many people dont know the names of the CEOs and stuff of companies and even those can change, like it happened with google when the 2 main people went to alphabet) that’s why EVs use the company name as identity link.