I didn't state it, but I was assuming that browsers would only use keys from DNS servers if they had used DNS over HTTPS to make sure they are talking to a DNS server that the user trusts.
And what if the request isn’t made via DoH (very few today are)? Do we just fall back to the existing Web PKI? If so, we’d now have two systems to support until everything is migrated to DoH, which can very well be never.
Also, how do we know which certificate to use for DoH?