by iuafhiuah
1295 days ago
I don't see announcing a public key being much different to PGP or other trust systems. If I say I sign my messages with `63847B4B83930F0C` and you save that information, you'll continue to trust that it's me in the future even though there is no proof I still control the private key. If anything, as far as I'm concerned, DNS-based challenges are a stronger proof that I own the domain, as it requires access to the nameserver. HTTP-based challenges just prove that I have access to a computer pointed to by a DNS record, which is far easier to get wrong. This is why wildcard domains cannot be issued to HTTP challenges; just because I can serve a file on a subdomain doesn't mean I own the parent domain. But I agree, using a key-based DNS challenge would be a new feature. It was discussed before, but at the time LE devs didn't come to a consensus on how to move it forward.
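The two validation methods the comment contrasts, worked through as an added example (not from this thread, nor Let's Encrypt's or any ACME client's own code): how an ACME CA derives the http-01 response and the dns-01 TXT record from a challenge token and the account key as specified in RFC 8555 and RFC 7638, and why a wildcard identifier is limited to dns-01. The account key and token below are constructed sample values, not real ones.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted keys, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """token '.' thumbprint(accountKey): the http-01 body served verbatim."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_url(domain: str, token: str) -> str:
    """The CA fetches this over plain HTTP from whatever host the A/AAAA record names."""
    return f"http://{domain}/.well-known/acme-challenge/{token}"


def dns01_record(identifier: str, token: str, account_jwk: dict) -> tuple[str, str]:
    """TXT owner name and value for dns-01; the '*.' label is dropped for wildcards."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("utf-8")).digest()
    return f"_acme-challenge.{base}", b64url(digest)


def allowed_challenges(identifier: str) -> list[str]:
    """Serving one file on one host says nothing about the parent zone, so a wildcard gets dns-01 only."""
    return ["dns-01"] if identifier.startswith("*.") else ["http-01", "dns-01"]


# Constructed sample account key (not a real key) and token; the extra "use"
# member is there to show it does not enter the thumbprint.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y", "use": "sig"}
SAMPLE_TOKEN = "constructed-token-evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ"

if __name__ == "__main__":
    print(http01_url("www.example.com", SAMPLE_TOKEN), "->", key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
    print(dns01_record("*.example.com", SAMPLE_TOKEN, SAMPLE_JWK))
```

The dns-01 value is only ever a hash of the key authorization, so the TXT record reveals nothing that lets a third party complete the challenge without the account key.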