You understood my point perfectly well. You can become your own CA for much less than a few hundred dollars. Are you going to be handling millions of customers with that kind of investment? Duh, no. You can become a miner for a few hundred dollars. Are you going to be making as many blocks as ASICMiner? No.
Basically any activity that involves serious work turns into a market, and that market often ends up with big players. That does not make it less of a market.
If you think all the existing players in that market suck, go ahead and shake it up, just like StartSSL did.
I'm sure you know enough economics to know that I'm talking about return on investment curves: for mining that curve is fairly flat, and your ROI is similar regardless of what scale you are mining at. (And actually, smaller scale can be more profitable because getting rid of a small amount of waste heat is a lot easier than getting rid of a large amount.)
StartSSL on the other hand proves my point: with CAs you have a very large upfront investment before you make any money at all. In StartCom's case they operated their StartSSL CA as a money-losing educational project that took years before browsers started including them in their certificates. It's a huge barrier to entry, one that makes the CA market entirely unlike mining.
Just an example of how you love to make arguments that even you should know don't make much sense. In this case that habit of yours is extremely harmful, because that kind of dishonesty gives credence to those writing technically unsophisticated paranoia; non-technical people who understand that your economic argument made no sense are likely to make the assumption that what you're saying about security is bogus too.
By virtue of existing https use, the voting is active and ongoing.
The only robust, deployed systems in active use are SSL and PGP.
You can add Tor to that list, specifically bookmarks of .onion sites.
A decent idea for a payment protocol extension would be to work out what kind of UI and other details would make sense to make it possible for a user to add a .onion URL to their second-factor wallet so they could verify a payment request against a .onion URL correctly.
A logical next step would be to do some work on a reputation/timestamping/something else entirely system, to make it easier to detect the case where the .onion URL you got was itself invalid and not the one that the majority of users of the site use. Done right this stuff could eventually lead to a namecoin-style system, but with typo-squatting less useful among other things.