> <i>The mode of DANE which I, personally, find to be the most intriguing, is one which specifies which CA should have issued a certificate. This is amazingly awesome, because as it stands today, the entire CA trust model is only as strong as the weakest CA in the global trust store.</i><p>Hear hear. Today's root-store trust model is bad, and we need an upgrade.