In my previous post, I was suggesting to *not* include the proof in the
request, because the payer can download it independently. Only the final
signature is needed. What makes DNSSEC interesting is not the size of
the proof, but rather the fact that you can request it easily, and in a
canonical way.

Yes, but you still need the final signature. Is it possible to use an EC signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong about that, and all you need is 32 bytes, then my argument does not hold.