It was my discussion topic for a security extra course. I am curious to hear some more discussion :) In particular about the key-pinning, I think Byzantine Consensus should be the only way to handle public key delivery. Trusting "at least" one of the pinned CAs looks only mildly better than what is out there now.