DNSSEC
Then you can put your own root CA on as a TXT record, and sign your own certs.
You still have to trust the Root DNS certs, but they've demonstrated themselves pretty responsibly up to this point
Then you can put your own root CA on as a TXT record, and sign your own certs.
You still have to trust the Root DNS certs, but they've demonstrated themselves pretty responsibly up to this point