I published an article on the IBM SecurityIntelligence blog on Bind Certificates to Domain Names for Enhanced Security With DANE and DNSS
The post has a very brief introduction to HTTPS and the flaws in the certificate validation process. I then cover solutions to the problem by publishing certificates in DNS via DANE, DNS-based Authentication of Named Entities. DANE is a protocol that uses DNSSEC and that can enhance the security of your email (transport).