The two things that jumped out at me were that Moxie has made a faulty assumption on the trust model of DNSSEC, and that Moxie has made a faulty assumption on the trust model of web certification.
Web certification is for relying parties to determine that a host is authorised to act on behalf of a domain holder.
DNSSEC is for relying parties to eliminate the need to trust the distributed database of DNS.
The question at the bottom of the article would lead to this if it were actually answered. Who do I need to trust, and for how long?
For the current model, I need to trust the hierarchical DNS authority system, because they hold the fundamental truth of the DNS data. I need to trust the distributed DNS database system, because I have no way to check that the answer I got is the answer the domain holder published. I also need to trust the entire CA set, because they're the ones who provide a bridge from the domain holder to me.
For the DANE model, I need to trust the hierarchical DNS authority system, because they still hold the fundamental truth of the DNS data.
In both cases, "for how long" gives the useless answer of "forever."
TL;DR: Moxie has pointed out that we place an awful lot of trust in the DNS operators, but failed to demonstrate that DANE or DNSSEC is a poor substitute for the current CA system.