OK, OK... now tell me if it makes any difference for your browser/app if the certificate is generated by some respected CA or a crappy one. There is no "trust level", just yes or no. Any CA can provide ANY certificate for ANY host. You control one CA, you control them all. If you can make any accepted CA generate the desired certificate, by bypassing identity validation, by political force, by social engineering, by whatever, SSL is just useless. It just protect you from someone a little more "powerful" than yourself. Correct me if I'm wrong but many respected CA can be persuaded by big countries, isn't it? How I love my PGP.