DNSSEC does provide a decent chain of trust though - you can see who you are trusting in the URL, no need to check that the cert isn't issued by a dodgy elbonian authority.
It could also allow a sideband transfer of HTTPS certs, allowing those certificate chains to be combined into one, easily visible chain of trust.
Biting the hand that feeds IT
