Funny you mention this.
With this new functionality, I can register valid certs for any domain in the world if their DNS is insecure, or if I can spoof it.
Have we gotten any headway yet on that whole "anyone can hijack BGP from a mom and pop ISP" thing ?
How many CAs are still trusted by browsers, again? How many of those run in countries run by dictators?
HTTPS doesn't secure the Internet. It's security theater for e-commerce.