DNSSEC doesn't seem any closer to solving this problem, unfortunately.
Do you know of any designs that require a quorum at each level prior to trust? Bitcoin seems to be having success with this model, but I'm wondering if anyone's built something like that with the primary intent of creating a directory service.
I don't think they have; much of the work on directory services died when people gave up. DNS was "too hard" to change and Microsoft wasn't going to let anything make it into a standard that killed off the need for Active Directory. The LDAP guys, being formerly X.500 guys, went off solving a different problem and ended up somewhat stuck between AD and DNS. Sad really.
That said, your idea about poaching the Bitcoin quorum ideas is a good one. Essentially a data structure, equivalent to the block chain, where it only gets authenticated if enough people ack that it's the most valid version of reality. Probably a publishable paper in exploring that question.
I love the fact that AD, and this newer posixy clone FreeIPA essentially operate as independent but interdependent directory services: LDAP, Kerberos, and DNS, and they still need X.500 in the form of SSL CA trusts to finish gluing it all together.
You may see an email from me in the next few weeks asking for feedback on such a paper.