> without something on the order of "I expect packets from this list of servers certificate"
Even now as it is, it's worse than it should be: I can't control which pairs of (address, certificate) will be allowed to be accepted for specific sites. Instead, every browser vendor allows any "man in the middle" with access to any CA (and CAs are known to be very bad(1)) to insert itself between my own server and my own client.
If you want secure browser access to some resource (for values of 'secure' where it matters more than your bank account but less than situations in which you wouldn't trust _any_ browser), you really need to remove certs from any commercial CA and install only the CA you need.
I know that it is possible to somehow achieve that, the thing is, it should be possible by default, so that I can simply say to e.g. my not-too-technical friend "this is my server, this is my cert, click there in your browser to compare the cert for my site before you connect and the browser will provably also not trust anybody else but your check."
This should be a basically available scenario for the secure connection, just like what we have in SSH. Don't believe the "the users are too stupid" excuse. It's just an excuse:
DNSSEC is required to secure DNS responses, which can be crucial to prevent "every crooked CA" from issuing a cert for you. If CAA were interpreted by the browser, you could determine exactly which CA is trusted to issue certs for your site, and DNSSEC would ensure that the browser gets the correct list of trusted CAs.
1) Read and weep: https://arstechnica.com/information-technology/2018/03/23000...
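As an added example (not code from the commenter, and not browser code), the following script shows what "interpreting CAA" for a site would look like on the client side: it walks up the domain tree to find the relevant CAA RRset, then decides whether a given CA is authorized to issue, following a simplified reading of the RFC 8659 rules (issue vs. issuewild precedence, the `";"` deny-all value, and critical-flag unknown tags). The zone table, domain names and CA names are constructed for the example; in the real scenario the commenter describes, the records would come from a DNSSEC-validated lookup, which this offline example does not perform.

```python
"""Client-side CAA policy evaluation (added example, simplified RFC 8659 logic).

A browser that interpreted CAA could refuse a certificate whose issuer is
not authorized by the site's DNS, independent of which CAs the vendor ships.
All records below are constructed sample data, not real DNS.
"""
from dataclasses import dataclass
from typing import Dict, List

ISSUER_CRITICAL = 128  # bit 7 of the CAA flags byte


@dataclass(frozen=True)
class CAARecord:
    flags: int   # 0..255; ISSUER_CRITICAL means "refuse if you don't understand the tag"
    tag: str     # "issue", "issuewild", "iodef", or something newer
    value: str   # e.g. "ca-one.example; validationmethods=dns-01", or ";" for "nobody"


# Constructed zone table: fully-qualified, lower-case names with a trailing dot.
ZONE: Dict[str, List[CAARecord]] = {
    "example.com.": [
        CAARecord(0, "issue", "ca-one.example"),   # only ca-one may issue ordinary certs
        CAARecord(0, "issuewild", ";"),            # nobody may issue wildcard certs
    ],
    "strict.example.com.": [CAARecord(0, "issue", ";")],           # no CA at all
    "odd.example.com.": [CAARecord(ISSUER_CRITICAL, "futuretag", "x")],  # unknown critical tag
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def normalize(name: str) -> str:
    """Canonical form used for zone keys and CA comparison."""
    return name.strip().lower().rstrip(".") + "."


def ancestors(name: str):
    """Yield the name itself, then each parent up to (but excluding) the root."""
    labels = normalize(name).rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def relevant_caa(name: str, zone: Dict[str, List[CAARecord]]) -> List[CAARecord]:
    """RFC 8659 relevant RRset: the first non-empty CAA set found walking upward."""
    for candidate in ancestors(name):
        rrset = zone.get(candidate, [])
        if rrset:
            return rrset
    return []


def issuer_domain(value: str) -> str:
    """Issuer-domain-name part of an issue/issuewild value ('' means deny all)."""
    head = value.split(";", 1)[0].strip().lower().rstrip(".")
    return head + "." if head else ""


def issuance_allowed(name: str, ca: str, zone: Dict[str, List[CAARecord]],
                     wildcard: bool = False) -> bool:
    """Return True if `ca` is authorized by CAA to issue for `name`."""
    records = relevant_caa(name, zone)
    if not records:
        return True  # no CAA policy published: issuance is unrestricted

    # A critical record we do not understand means we must not proceed.
    if any(r.flags & ISSUER_CRITICAL and r.tag.lower() not in KNOWN_TAGS for r in records):
        return False

    # issuewild takes precedence for wildcard names; otherwise fall back to issue.
    tag = "issue"
    if wildcard and any(r.tag.lower() == "issuewild" for r in records):
        tag = "issuewild"
    applicable = [r for r in records if r.tag.lower() == tag]
    if not applicable:
        return True  # only unrelated tags (e.g. iodef): no issuance restriction

    ca_norm = normalize(ca)
    return any(issuer_domain(r.value) == ca_norm for r in applicable)


if __name__ == "__main__":
    for host, ca, wild in [("www.example.com", "ca-one.example", False),
                           ("www.example.com", "other-ca.example", False),
                           ("example.com", "ca-one.example", True),
                           ("strict.example.com", "ca-one.example", False)]:
        print(host, ca, "wildcard" if wild else "plain",
              "->", "allowed" if issuance_allowed(host, ca, ZONE, wild) else "refused")
```

The decision is made entirely from published DNS policy plus the certificate's issuer, which is the point of the comment: the site operator, not the browser vendor's root store, names the CA that may vouch for the site.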