You mention that the revocation-check problem is old, which is certainly true, but I think you allude to the possibility that a domain-registry-based hierarchy will exacerbate that problem in the form of an increase in revocation checks. I'm not sure that would be the case; it should be about the same. What difference does it make if I owned a domain, got a cert from a CA, and stopped owning the domain -- vs -- got that cert from my registrar? If anything this helps the process, because my registrar knows when I stop owning the domain whereas a CA has no clue and relies on the cert's expiration date exclusively.
I guess you're right - I was considering the fact that someone once owned a domain was a threat, but it is already.
But with a delegated chain of certs, the problem does get worse - not least because you'd require individual domains to manage their own certificate revocation.
But since there's basically no secure way to obtain CRLs or perform OCSP cert validation, it's kind of moot.
Page Plus is truly amazing, especially now that they support 4G (but 3.5 Mbps throttle) as of a couple weeks ago. I just set someone up with a gently used S3 for ~$140, which if you compare specs to the S4, isn't much of a step down.
