I am again baffled. If a CA issues a rogue certificate and, as is likely, is rapidly caught because 10 million people have an already-loaded pin for the real certificate, Google can nuke the CA from orbit. Google cannot nuke .COM.
How could a government-run PKI possibly be better than a network of crappy private companies? At least the companies have to respond to incentives.
Ok, now we're getting somewhere. Our proposed end-states for security are different:
You: TLS connections have a high likelyhood of being secure but they will be MITM'd by some CAs some of the time. We put mechanisms in place (pinning of individual certificates) to in the long run detect most of those attempts are disable those CAs.
Me: TLS connections are known to be secure to the people in the trust chain. (I trust my registrar, who trusts .COM, who trusts the root). No other parties can breach that trust. We put mechanisms in place (pinning at all levels) to detect misplaced trust (the USG creating a new certificate for .COM) and make a fuss when that happens.
If you have enough trust in the democratic process being able to control the chain of trust you'd go for my solution, if not you'd go for yours. It sucks that we live in a world where that choice isn't clear.
How could a government-run PKI possibly be better than a network of crappy private companies? At least the companies have to respond to incentives.