The problem with that idea is that the CA root store on your computer is a tiny subset of all the CA=YES certificates out there, because of intermediate chained CA certificates.
So what you really need is something that watches every CA cert your browser ever sees and then does detective work on them. Which is sort of what Moxie Marlinspike's Convergence project was doing.
So what you really need is something that watches every CA cert your browser ever sees and then does detective work on them. Which is sort of what Moxie Marlinspike's Convergence project was doing.