CNNIC Root Inclusion: the Conclusion?

[makrober]

I propose that the long and extensive discussion of the subject,
here and on bugzilla, suggests the following general conclusion:

As the number of certificate issuers (with different profiles and
motivations), and the population of users (with different security
requirements and threat models) grows, a point has been (or will be?)
reached, where the current concept of a "Universal Trusted Third Party",
one that is accepted by a software provider on behalf of, and
distributed to, all its users, is becoming (or will quickly become?)
inadequate.

Consequently, the existing model of certificate acceptance and
distribution must be re-examined, either now, or this will have
to be changed in the near future.

MacRober