I'm starting to think that a service such as SSL Labs should also grade CAs (perhaps by looking through Certificate Transparency logs as well, once all CAs have to use them).
Then if you use like a "C-rated" CA, your HTTPS score is also limited to B. A B-rated CA would limit your HTTPS score to A, and only an A-rated CA would allow you to get A+ on SSL Labs. Something along those lines.
I imagine rating the CAs would be quite a complex task, but they could start with the big ones first that own 80-90% of the market.
For that to be useful, browser vendors would have to start showing something other than a binary "secure" "not secure" setup to the user along with some of that info.
Also, it sounds like something that will be very easy to corrupt.
SSL Labs is a tool mainly used by the website owners/administrators, not so much by end users (and if at all an end user will then complain to the owner about a low rating).
Downgrading the rating because he used a "fishy" CA might motivate the website owner to switch to a CA with better standing. The bad CA will feel pressure to clear their standing.
The best hope is Google itself doing it, since most users probably won't look at the secure vs. secure-but-not-quite unless it's a scary warning page. Rank websites lower, though, and the marketing departments will start calling.