A rather interesting post replete with links and resources for considering DNSSEC/CA issues of trust