by userbinator 3038 days ago
you'll find that HTTPS is THE biggest centralization force of the web

This, very much this. Plaintext doesn't require what is essentially authorisation from a central authority in order to communicate.

2 comments

I think you'll find that even without the CA system you need the blessing of at least a few people to get your content on the internet.

- Your address needs to be given to you by your ISP or ARIN.

- Major ISPs need to route to your address and/or accept your BGP announcements.

- You probably need a name which is bought from a few large DNS management companies or their resellers.

- You're required to have an email address to field abuse complaints which means you most likely will be paying an email provider.

- If you're not running your own hardware you will have to pay a hosting company.

- If your site is large you'll probably need a CDN to handle the traffic, of which there are only a few major players.

- Although it's a blacklist, you effectively need Google's blessing to not appear on the SafeBrowsing list.

Is the CA system really that much more of a hurdle? No question it's a little scummy at times but it's cheap and relatively low maintenance.

You misunderstand what CAs are. Or, indeed, what their certificates imply.

CAs don't provide permission, they vouch for an identity.

Saying that CAs give you permission to communicate is like saying notaries give you permission to sign a contract. You can assert your identity without verification as long as the other party in the relationship is fine with the increased risk of fraud.

Similarly, you can use HTTPS without a signed certificate (precisely as you can use HTTP without HTTPS) as long as you and the other party are happy with the risk that Verizon could be "sanitizing" your speech or injecting your real-world identity into all your HTTP requests without your knowledge.

But both the site operator and visitor stand to lose from someone tampering with your traffic. And increasingly, it's the users that are getting burned in this relationship.