The viability of Open CA Authorities (http://ask.slashdot.org/article.pl?sid=08/07/18/1721234) just took a big step in the right direction. It's a small victory ($0 domain-validated certificate compared to a $15 GoDaddy domain-validated certificate) but it could change the SSL industry.

One issue with this approach is that there are several legitimate reasons for changing the certificate on a server. What if you get a new server and want to get a new key? What if your private key is compromised? What if you want to upgrade to a different type of certificate that you can use on many different sites and machines (UC, Wildcard, EV, etc.)? What about when you renew your SSL certificate every year?