[wibblenut]

Well it was first drafted in 2002, and Jakob Schlyter actually wrote about it recently: http://www.circleid.com/posts/20110327_death_of_the_pki_drag...

Along the same lines Google recently launched a DNS based service for certs it knows about: http://googleonlinesecurity.blogspot.com/2011/04/improving-s...

DNSSEC is now deployed at the root level for .com/.net/.org/.edu/.gov.