I haven't found a simple way of generating a dns record. `gpg --export-options export-dane email@address.tld` is one way, but I can't get `nsupdate` to accept that format.

Brunswick

The DANE SMIMEA standard was adopted as [rfc8162](https://datatracker.ietf.org/doc/html/rfc8162) in 2017

bitcoin

Digital signatures to prevent name squatting on SN?

There is something called [DANE SMIMEA](https://incenp.org/notes/2015/keys-in-dns.html) which is similar to your proposal and something @k00b could use to verify "orange checks" that ties a domain to an email address and public key if he thinks its worthwhile.