The idea being: stronger market forces leading to more competition among CAs to end up on more people’s trusted list. Combined with the option to serve multiple signatures for the same cert, this might actually just work :)
For instance, say you want to go to example.com, and it says “you need to trust X CA”. Ignoring that a user doesn’t know what that even means, all of history demonstrates that a user’s goal when encountering a barrier in the way of something they want is to get rid of the barrier. Arguing for user education isn’t the right response because technology needs to be designed to work with humans, not the other way round.
Instead we defer to groups like the various CARB orgs to ensure that the trust stores contain only robust CAs. Historically there have been few teeth as evicting CAs from the trust stores is hard - look at how long the Symantec distrust is taking, and look at how many people (incl. HN commenters) have argued against it.
That said, the addition of things like CT logs has finally given trust stores a view into what is being issued, so they can finally detect poorly run CAs at the time they screw up, rather than maybe catching them months later, if at all. That then provides the evidence needed to justify distrusting a CA or auditor.
That is all a large amount of exceedingly technical work, that no regular user could hope to grasp and make a reasonable choice about.
Instead the market pressure is as it should be for CAs now: ensure you are following the rules, or risk distrust. That is pretty much the most effective market pressure you can have in the CA market.
Remember that the resources, scripts and images can be loaded from hosts using different CAs. A page doesn’t even have one CA. The only thing that is even remotely feasible is blocking one or more CAs and that causes so much disruption normal people are never going to do that.