A certificate authority is really just a new version of an old scam...very similar to a mafioso protection and extortion racket. They offer you protection (from mostly their own thugs), and extort money from the sites they pretend to protect you from. In the end, it's all just smoke and mirrors.
Businesses have been creating their own certificates, bypassing the authorities (much like Russia is doing), for many years. SSL/TLS strippers can circumvent it, as can adware purveyors (think Superfish). It offers zero protection from TLAs or blackhatters who routinely defeat it. It is much ado about nothing. Mostly it is just a censorship tool. Sites that don't pay the fee to keep their certificate updated are frozen out of the internet by these 'authorities', and those sites the authorities don't like are refused certificates. As Russia has shown, it ain't really about whether or not a site is or ain't who/what they claim to be, but just a blacklist to silence anyone the authorities (or their puppetmasters) target.