
all terribly nice, now how do you prevent Certificate Authorities screwing up?
if anyone tells me there is a certificate transparency log I'll laugh...
basically you need a way to establish trust, and frankly that requires a root or offline signing party and expensive safes (you know what they do for DNS party)
this has been rehashed (boom boom) so many times