Hacker News
by Natanael_L 3898 days ago
There are many ways, all obnoxiously complex unless you go back to a CA-ish voluntary trust model.

Keys as addresses (I2P, Tor hidden services, CJDNS) fixes a large part of the security problem, then on top of that you can add your choice of address translation. WoT style individualized trust webs? Trusted lists of name assignments DNS style? First-come first-serve à la Namecoin?

1 comments

Not necessarily. You could also place domain validated trust in the registrars, to cryptographically verify their delegations. That would build a chain of trust which you in turn could use to validate keys for services in those domains.
That's the DNSSEC+DANE approach and that's still the same as the DNS approach I listed (trusted name registry lists), except that the address isn't an IP-address (or in other words, your domain's DNS server that says what IP addresses your subdomains have is itself identified by a public key).