[inopinatus]

The DNS spoofing threat already existed; you have TLS as a partial mitigation. DNSSEC w/DANE is a better mitigation. (Ok, plenty of warts in DNSSEC but it is available today). I'd be more worried about the malicious web developer threat - it's almost trivial to exploit.

Generally - if one is going to throw around the word "federated" but without properly leveraging the DNS, then the wheel is probably being reinvented; along with a host of layering violations that result in the many misbehaviours discussed here.

The absence of SRV lookup capability in Mozilla is open issue (bug #14328) since 1999.