by thatcks
2902 days ago
I think I can boil down an example about why I prefer not to talk about trust by itself as it relates to CAs. Imagine a hypothetical version of Let's Encrypt that has all of its operational excellence and security, but that uses root certificates that are not cross-signed and not included in any browsers. I would argue that this CA is exactly as trust-able as LE is (by hypothesis its procedures and technologies are the same, and we trust LE's), but clearly it is not as useful as a CA as LE is because it is not included in the root set of any browser (which we call 'trusted' and which generally implies that the people behind the browser believe that the CA will not issue certificates improperly). If we say that this CA is not 'trustworthy' here, what we really mean is 'this CA is not in browser root sets and so the TLS certificates it issues provoke browser warnings'. This is useful in one sense (it is what most people care about), but I prefer to be explicit about what we mean (partly because 'trust' is a loaded term with tangled implications).