And we trust this new root why?
Not that you can really attach a great deal of value to the other roots you have installed in your browser by default, but a new root cert must work on all platforms before it has any value at all, and I first want to see the cert issue process before I'd trust any certs.
I get the idea of encrypting the web, but that's kinda pointless if processes are so broken that they permit MiTM attacks (on the plus side, that still makes mass surveillance a lot harder work than the simple BGP route change it needs now).