There's been a lot of discussion lately about how to know if a vendor's public key is correct, and how to ensure that it hasn't been manipulated. It seems there are people trying to solve a tangentially related issue: verifying that certificate authorities are not minting keys for domains they're not authorized for.
Throwing this out here, as I did not see this discussed originally.
https://www.certificate-transparency.org/
https://github.com/google/keytransparency/
https://security.googleblog.com/2017/01/security-through-transparency.html
I lack the time currently to do this, but it seems feasible to reuse their ideas to help ensure vendor keys are accurate.
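To make the idea concrete, here is an added example (not code from the original post, nor from the Certificate Transparency or Key Transparency projects linked above) of the core mechanism those projects reuse: an append-only Merkle tree log with RFC 6962 / RFC 9162 hashing rules, holding vendor public-key records, plus the inclusion proof a client checks before trusting a key it obtained out of band. The `vendor|key` record format, the vendor names and the hex "keys" are constructed for illustration.

```python
import hashlib
from typing import List

# Added example: minimal Certificate Transparency-style Merkle log over
# vendor key records. Record format and sample data are constructed.

def hash_leaf(data: bytes) -> bytes:
    # Leaf hashes carry a 0x00 prefix and interior nodes a 0x01 prefix, so a
    # leaf can never be confused with a node (second-preimage protection).
    return hashlib.sha256(b"\x00" + data).digest()

def hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split_point(n: int) -> int:
    # Largest power of two strictly less than n (RFC 6962 tree shape).
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(leaves: List[bytes]) -> bytes:
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hash_leaf(leaves[0])
    k = _split_point(n)
    return hash_node(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    # Audit path: sibling subtree hashes needed to recompute the root from one
    # leaf (PATH(m, D[n]) in RFC 6962), ordered leaf-to-root.
    n = len(leaves)
    if n == 1:
        return []
    k = _split_point(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]

def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    # Client-side check (RFC 9162 section 2.1.3.2): rebuild the root from the
    # leaf and the audit path; index and tree size decide which side each
    # sibling hash sits on.
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = hash_leaf(leaf)
    for p in proof:
        if sn == 0:
            return False  # proof is longer than the tree allows
        if fn & 1 or fn == sn:
            r = hash_node(p, r)
            if not fn & 1:
                while fn and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = hash_node(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root

def record(vendor: str, key_hex: str) -> bytes:
    # Constructed record format; a real log would serialise the full public
    # key plus vendor identity, and likely a version and timestamp.
    return f"{vendor}|{key_hex}".encode()

# Constructed sample log: five key publications, appended in order.
LOG = [
    record("acme-corp", "a1" * 16),
    record("globex", "b2" * 16),
    record("initech", "c3" * 16),
    record("umbrella", "d4" * 16),
    record("acme-corp", "e5" * 16),   # acme-corp rotated its key
]

def check_vendor_key(vendor: str, key_hex: str, index: int) -> bool:
    # What a client does with a key it got from, say, the vendor's website:
    # fetch the audit path for `index` and verify it against a tree head it
    # already trusts. Here the root is simply recomputed; in practice the
    # signed tree head comes from the log and is cross-checked via gossip or
    # independent auditors.
    root = merkle_root(LOG)
    proof = inclusion_proof(LOG, index)
    return verify_inclusion(record(vendor, key_hex), index, len(LOG), proof, root)

if __name__ == "__main__":
    print("genuine key:", check_vendor_key("acme-corp", "e5" * 16, 4))
    print("swapped key:", check_vendor_key("acme-corp", "ff" * 16, 4))
    print("wrong index:", check_vendor_key("acme-corp", "e5" * 16, 0))
```

The inclusion proof answers "is this exact key what the log published for this vendor?"; a swapped key or a proof borrowed from another entry fails. What it does not cover on its own is a log operator rewriting history or showing different trees to different clients, which is why CT also relies on signed tree heads, consistency proofs between tree sizes, and parties comparing the heads they saw.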