Method for in-the-wild (public) DNSSEC?

[Gushi]

I've looked around on google with no great results, so maybe one of the
dev community can tell me.  Is there a draft for DNSSEC done "at
large", i.e. not confined to one domain?

Such a thing would of course require some sort of method to publish and
verify certificates/keys against some "trusted" root store (which I
guess would also require either static coding or publishing)...I'm not
sure if this would be an extension of DNSSEC or an entirely different
animal.

It also makes some slight sense if such a thing could be authenticated
using the same sort of certs one buys for SSL, since there's a
reasonable assumption of domain verification there -- but there may be
some obvious loophole I'm missing.

Not looking to start a flame war, just looking for links and/or useful
search terms, RFC numbers, draft urls, etc.

Thanks,

Dan Mahoney