3. A user looks up Site A in the BitDNS record and gains it's IP address AND Hash(KeyA)
I don't know about step 3. That is, I wonder if it's sufficient to simply have A's public key and then get the IP address through other means, making sure it's signed by A's key.
Yes, all than needs to be included in the block chain is Site A's name and a hash of Site A's Public key. Gaining access to the site via their IP address can be done through any method. The point is that it is impossible to 'pretend' to be 'Site A' without having Site A's private key.
Right. I'm thinking that this could be a huge boon to security and privacy.
I'm not sure that it makes sense to talk about "sites" in particular, but I think we're on the same page.
One problem with certificates is that sometimes the private keys are secretly leaked to government agencies or "discovered" by other third parties. I think an important part of this system would be a "kill signal", that is a way for a name to self destruct by signing the order with its private key.
This way, whistleblowers who discover a private key would be able to anonymously convey the message that the site's security has been compromised. There is no reason for their pseudonym or their public key to appear in the system anymore because there is no way to recover from such a private key exposure. For instance, if a new public key were created and "blessed" by the old one, we couldn't tell if this was an action taken by the authentic person or the imposter.