Re: "To obtain a certificate from a CA you have to convince them of your credentials"
The CA model is broken, as demonstrated by a fair few incidents reported in El Reg and other techie media.
In the absence of a WoT made simple enough for Joe Public, a move to a distributed trust authority is overdue. M-Pin gives us the framework for that.