The mitigation for the attack you outlined is that such attacks will be detected, and the CA will get blacklisted. That may not actually work in the real world.