(no title)

I respectfully disagree with that second part. The risks for DNSSEC/DANE might be higher, the rewards are bigger too.

TLS gives me a secure channel only when I connect to the right (i.e. expected) server. A TLS encrypted and validated connection to a wrong party is the threat here.

As user, I don't know which is the CA for any given domain. And Chrome only caches a small subset. Otherwise we wouldn't need neither CAs or DANE, self signed certificates would suffice ;-)

Either I have to trust that there are vigilant parties that monitor all CT logs against fake certificates or my user agent does that for every connection, blocking when it finds double certificates.

With DNSSEC and DANE, my agent fetches the address and CA for the site and validates these against the TLS handshake.

From there, HSTS will protect future lookups so it becomes a TOFU issue.

Besides, the middle-box problem is being resolved with DOH over TLS1.3, isn't it?