You could store the certificate hashes in DNS (i.e., use DANE instead of the CA PKI) and so a MITM on the actual connection wouldn't succeed.

Right, but what if the certificate is compromised? How would your revoke it?

	▲	cyphar 20 hours ago \| parent [-]
		If the DNS entries for the certificates have a very short TTLs (i.e., 2 minutes) then you wouldn't need explicit revocation infrastructure. It would probably take more than 2 minutes for CRLs or OSCP changes to propagate anyway. (I'm not necessarily in favour of this, I just don't see the revocation part as being the main issue.)