There is already quite a bit of work done regarding using DNSSEC as a PKI for distributing keys (any kind). One relevant paper is http://www.acsac.org/2005/papers/49.pdf.
The nice part about storing public keys in DNS and authenticating them using the trust chain starting from the DNS root servers is that you have a solid foundation that can be used for all kinds of interesting applications, much more than just encrypting traffic between the webserver and the client. As an example, we had a project where we stored a public key in the TXT field of a domain name (signed), and we would sign all HTTP responses with that key. The client could then get the public key via DNSSEC and verify the signature of the HTTP response. The advantage over SSL is that you get authenticity and integrity for each HTTP response. http://tnc2010.terena.org/schedule/posters/pdf/100511170332n...
The proposal from EFF also leverages DNSSEC as a trust source, which I think is better than the current PKI that we are using, but it's not without its flaws. The biggest problem is that you are still dependent on a 3rd party (registrar) to give you that trust, and usually these kinds of entities are very prone to being influenced by governments. We can see what kind of legislation some governments are trying to promote, so I'm not sure if a centralized solution is the best way we can go :)
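An added sketch of the scheme the comment describes (a key published in a signed TXT record, every HTTP response signed with it); this is not the project's code. The TXT layout, the `X-Signature` header name, the choice of Ed25519 and the `ad` flag standing in for a DNSSEC-validated resolver answer are all assumptions, and the key pair is constructed at run time.

```javascript
const crypto = require('node:crypto');

// Constructed key pair; in the scheme described, the private key stays on the web server.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Hypothetical TXT record layout (an assumption): "k=ed25519; p=<base64 SPKI DER>"
const txtRecord = 'k=ed25519; p=' +
  publicKey.export({ type: 'spki', format: 'der' }).toString('base64');

// Bind the signature to the URL as well as the body, so a validly signed
// response for one resource cannot be replayed as the answer for another.
function canonical(url, body) {
  const digest = crypto.createHash('sha256').update(body).digest('hex');
  return Buffer.from(`${url}\n${digest}`);
}

// Server side: returns the value of a hypothetical X-Signature response header.
function signResponse(url, body) {
  return crypto.sign(null, canonical(url, body), privateKey).toString('base64');
}

// Client side: dnsAnswer stands in for a resolver reply, where `ad: true`
// means the TXT record passed DNSSEC validation up to the root trust anchor.
function verifyResponse(dnsAnswer, url, body, signatureB64) {
  if (!dnsAnswer.ad) return false; // key is unauthenticated: refuse to use it
  const fields = Object.fromEntries(
    dnsAnswer.txt.split(';').map((f) => {
      const s = f.trim();
      const i = s.indexOf('='); // split on the first '=' only (base64 padding)
      return [s.slice(0, i), s.slice(i + 1)];
    }));
  if (fields.k !== 'ed25519' || !fields.p) return false;
  try {
    const key = crypto.createPublicKey({
      key: Buffer.from(fields.p, 'base64'), format: 'der', type: 'spki' });
    return crypto.verify(null, canonical(url, body), key,
      Buffer.from(signatureB64, 'base64'));
  } catch {
    return false; // malformed key material in the record
  }
}
```

The `ad` check is only as strong as the path to the resolver that set it; a client that cannot trust that path has to validate the DNSSEC chain itself.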