[jrochkind1]

ok. obviously you can replace cert authorities with those systems on present DNS too, it doesn't require a "(more) decentralized DNS", right?

Replacing cert authorities with something DNS-based (or alternative decentralized DNS based) doesn't actually seem relevant to the problem they are highlighting, of sci-hub's DNS records being removed by private or government actors making it harder to find sci-hub... no?

[buffrr]

To answer your first question, with the present DNS, If you use DANE, the trust is centralized since you have to trust the root DNS keys and the registrar (imo still better than trusting a large number of CAs. letsencrypt already relies on DNS to issue certificates).