Paul Kocher, a leading cryptographer who helped Netscape invent the system, told me that the economics of the modern certificate industry are bad for users’ security. Although a free nonprofit authority called Let’s Encrypt has gained ground recently, most authorities charge website owners for certificates. These certificate authorities offer such similar products that competition forces them to lower prices. This in turn compels authorities to operate cheaply, which can lead to shoddy security. One way authorities can make money is to offer services that others won’t—services that skirt industry rules, perhaps by enabling surveillance. Kocher said this doesn’t mean that all authorities misbehave, just that “the pressure for certificate authorities to behave badly are very, very great.”
Article source: http://www.slate.com/articles/technology/future_tense/2017/05/google_is_making_sweeping_changes_to_how_we_keep_secure_websites_secure.html