Why are we relying on single providers, shouldn't it be a consensus system of some form, like month old certs get passed on in bulk outside of the main network, then if the original provider is compromised their cert info disagrees with the "consensus" providers indicating a compromise at some point.

High profile sites can buy multiple top level certificates (with mutual signing, say); sites needing less security can fallback on a simplified consensus system (maybe like above).

Workable?