[kortilla]

No you don’t. The CAs are only necessary if you want random public devices to be able to validate your domain.

And you don’t have to trust the registrar because of what I just said. You don’t need to depend on PKI.