Your point? Unless there's a DNS compromise, AND a cert is issued by a widely accepted CA which doesn't verify the actual domain, it's not a real issue. Someone trusting a link to paypall.com isn't an https/cert issue, it's an issue of ignorance. It's not any more serious than a phishing attempt which looks for email responses, or Rachael from Cardholder Services calling and asking for a credit card number and someone believing them. And what if someone does create a real "Organizational Identity" of Paypall? Then the difference between DNS and organizational identity is nil. Ultimately, people have to exercise due diligence, or they'll get burned. Trying to tell them that there are technical solutions for their naiveté is a counterproductive lie, only instilling a false sense of security.
What's really interesting is that the