There is something called DANE SMIMEA which is similar to your proposal and something @k00b could use to verify "orange checks" that ties a domain to an email address and public key if he thinks it's worthwhile.
The DANE SMIMEA standard was adopted as RFC 8162 in 2017.
I haven't found a simple way of generating a DNS record. gpg --export-options export-dane email@address.tld is one way, but I can't get nsupdate to accept that format.
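An added example, not part of the thread above: one way to build the SMIMEA record that RFC 8162 defines for an address, starting from the user's S/MIME certificate in PEM form. It assumes certificate usage 3, selector 0 (full certificate) and matching type 1 (SHA-256); the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re

SMIMEA_TYPE = 53  # IANA RR type code for SMIMEA


def smimea_owner(email: str) -> str:
    """Owner name per RFC 8162 section 3: SHA-256 of the UTF-8 local-part,
    truncated to 28 octets (56 hex chars), then _smimecert, then the domain."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain.rstrip('.').lower()}."


def pem_to_der(pem: str) -> bytes:
    """Extract the DER bytes from the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def smimea_rdata(der: bytes, usage: int = 3) -> bytes:
    """Wire RDATA: usage, selector 0 (full certificate), matching type 1 (SHA-256)."""
    if usage not in (0, 1, 2, 3):
        raise ValueError("certificate usage must be 0-3")
    return bytes([usage, 0, 1]) + hashlib.sha256(der).digest()


def smimea_records(email: str, pem: str, ttl: int = 3600) -> tuple[str, str]:
    """Return the record in SMIMEA presentation form and in RFC 3597 generic form."""
    owner, rdata = smimea_owner(email), smimea_rdata(pem_to_der(pem))
    native = f"{owner} {ttl} IN SMIMEA {rdata[0]} {rdata[1]} {rdata[2]} {rdata[3:].hex()}"
    generic = f"{owner} {ttl} IN TYPE{SMIMEA_TYPE} \\# {len(rdata)} {rdata.hex()}"
    return native, generic


# Constructed stand-in bytes wrapped as PEM; substitute the user's real S/MIME certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for line in smimea_records("email@address.tld", SAMPLE_PEM):
        print(line)
```

The second line printed uses the RFC 3597 unknown-type syntax, which is the form to try when a DNS tool or server does not recognise the SMIMEA mnemonic.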