[bigj0n]

Couldn't you add additional certificate authorities to your browser at will?

The CA system is decentralized by nature. If the existing authorities start trying to manipulate your internet by controlling who they verify, which hasn't really happened that I'm aware of, you can always add a new root certificate. Or consumer browsers can offer new CA roots out of box.

[gambler]

The point isn't what you can do as a user. The point is that Google adds more and more hurdles to running a website without plugging into the CA chain.

CA chain is centralized. Plus, it requires you to have a domain name. DNS is also centralized (although to a somewhat lesser extent).

Effectively, we're seeing yet another step in hyper-centralization of the web.

[ehutch79]

How many websites do you actually use don't have a domain name?

also, as above, there is no one root CA. you can add and remove any ca from your system. most users don't because why would you trust a random ca from some random site.

What's the actual problem here?

[Crinus]

That i do not want some third party's permission to make my site and desktop applications available to everyone.

Note the one you asked, but i have the same issues with the certificate mafia.

[denkmoon]

Getting modern browsers to accept your CA is a huge pain, different per browser and OS, and barely anyone will do it.

The moment anyone starts a community CA for this they'll just blacklist it.