Blindly trusting random SSL Certificate Authorities

More customizable and better certificate validation is needed. I would rather trust an expired self-signed certificate that I've seen before than a brand new CA-signed cert.

Detecting Certificate Authority compromises and web browser collusion | The Tor Blog

https://blog.torproject.org/blog/life-without-ca