> The mode of DANE which I, personally, find to be the most intriguing, is one which specifies which CA should have issued a certificate. This is amazingly awesome, because as it stands today, the entire CA trust model is only as strong as the weakest CA in the global trust store.

Hear hear. Today's root-store trust model is bad, and we need an upgrade.