
DANE is just the hash of a site's cert stored in DNS as a TLSA record. I get that it is then signed with DNSSEC, but I don't get how this involves any governments. It's still the site operator putting the hash of their cert in the TLSA. Can you elaborate how you're 'trusting governments' when you're using DANE?

IMO it's much easier for an [NSA|GCHQ|etc] to compel a CA to give site operators broken certs than it is to deal with site operators rolling their own certs and using DNSSEC/DANE. Even if Sweden is controlling .se, example.se can create their own cert and stick its hash in their DNS. Does your model of 'trusting government' then enter into the picture because their entire domain is then signed by .se?
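The certificate-hash check described in the comment above, as an added example that is not part of the original comment: it builds and verifies TLSA RDATA for selector 0 (full certificate) only. It assumes the TLSA record has already been DNSSEC-validated by the resolver; the function names and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# TLSA matching types (RFC 6698): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
_DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}


def tlsa_data(cert_der: bytes, mtype: int) -> bytes:
    """Certificate association data for selector 0 (the full certificate)."""
    if mtype == 0:
        return cert_der
    if mtype not in _DIGESTS:
        raise ValueError(f"unknown matching type {mtype}")
    return _DIGESTS[mtype](cert_der).digest()


def make_tlsa(cert_der: bytes, usage: int = 3, mtype: int = 1) -> str:
    """RDATA in presentation format, as the site operator would publish it."""
    return f"{usage} 0 {mtype} {tlsa_data(cert_der, mtype).hex()}"


def tlsa_matches(rdata: str, cert_der: bytes) -> bool:
    """Check a presented certificate against one TLSA record's RDATA."""
    usage, selector, mtype, *hex_parts = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    if usage not in (0, 1, 2, 3):
        raise ValueError(f"unknown certificate usage {usage}")
    if selector != 0:
        # Selector 1 hashes only the SubjectPublicKeyInfo, which needs an
        # X.509 parser; this example covers the full-certificate case only.
        raise ValueError("only selector 0 is handled here")
    published = bytes.fromhex("".join(hex_parts))
    # Constant-time comparison of published data and computed data.
    return hmac.compare_digest(published, tlsa_data(cert_der, mtype))


# Constructed placeholder bytes standing in for DER-encoded certificates.
SITE_CERT = b"constructed-DER-bytes-for-example.se"
OTHER_CERT = b"constructed-DER-bytes-for-a-substituted-cert"

if __name__ == "__main__":
    record = make_tlsa(SITE_CERT)
    print("_443._tcp.example.se. IN TLSA", record)
    print("site cert matches:", tlsa_matches(record, SITE_CERT))
    print("other cert matches:", tlsa_matches(record, OTHER_CERT))
```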



