1. The owner of Site A creates a private/public key pair; this pair contains a Public Key. The owner then hashes the public key and creates Hash(KeyA).
2. The owner of Site A then creates a new BitDNS transaction that contains "SiteA" and Hash(KeyA).
3. A user looks up Site A in the BitDNS record and gains its IP address AND Hash(KeyA).
4. Then this user navigates to Site A's IP address, and is sent Key A and a signed welcome message.
5. The user checks if Hash(BitDNS KeyA) == Hash of (IP KeyA). If this is true, then a man-in-the-middle attack is impossible.
I don't know about step 3. That is, I wonder if it's sufficient to simply have A's public key and then get the IP address through other means, making sure it's signed by A's key.
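
The client-side check from steps 3 to 5, as an added example that is not part of the original post. The record layout, the 192.0.2.10 address, the function names and the use of a Lamport one-time signature (picked only because it needs nothing beyond `hashlib`) are assumptions.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: an assumed stand-in for Site A's signature scheme.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    pk = b"".join(H(s) for row in sk for s in row)
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit; a key pair must sign only one message.
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def verify(pk: bytes, msg: bytes, sig) -> bool:
    if len(pk) != 2 * 256 * 32 or len(sig) != 256:
        return False
    ok = True
    for i, b in enumerate(_bits(msg)):
        off = (b * 256 + i) * 32
        ok &= hmac.compare_digest(H(sig[i]), pk[off:off + 32])
    return ok

def check_site(record: dict, presented_key: bytes, welcome: bytes, sig) -> str:
    # Step 5: the key sent from the IP must hash to the value in the record.
    if not hmac.compare_digest(H(presented_key), record["key_hash"]):
        return "key-mismatch"
    # Step 4's signed welcome: shows the sender holds the matching private key.
    if not verify(presented_key, welcome, sig):
        return "bad-signature"
    return "ok"

def demo():
    sk_a, key_a = keygen()  # step 1
    # Step 2: constructed record, not a real BitDNS entry.
    record = {"name": "SiteA", "ip": "192.0.2.10", "key_hash": H(key_a)}
    welcome = b"welcome to SiteA"
    sk_m, key_m = keygen()  # key pair of some other party
    return {
        "genuine": check_site(record, key_a, welcome, sign(sk_a, welcome)),
        "substituted_key": check_site(record, key_m, welcome, sign(sk_m, welcome)),
        "key_without_private_half": check_site(record, key_a, welcome, sign(sk_m, welcome)),
    }
```
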