There are 900 registrars handling
So they don't keep track of which registrars are responsible for which domains? That does seem a bit messed up, if true. My impression was that there was a formal process registrars had to go through to transfer control over a domain name—or does that only restrict domain owners, and not registrars? If the control over
Even so, DANE still gives you the benefit of domain validation without the need to deal with a traditional CA as well as your DNSSEC trust chain. You also have the option of choosing a TLD with saner access controls than simply granting 900 separate entities global write access.