I'm not talking about just anchoring a hierarchy at an alternative root. What I mean is that as far as I know, nothing (DNSSEC notwithstanding) really prevents breaking away from the strict hierarchical model altogether and doing something like a system with web-of-trust or filtered by heuristics. From there it's possible to think about how to build a genuine consensus beyond "ICANN says these are the root servers; who am I to argue?". For TLS (DANE notwithstanding), I very well might misunderstand the situation but I thought it only mattered that the client, server, and CA agree on the server's name, not that they agree on a particular delegation of authority for assigning that name.