Yeah, but sort of.
1 - If all you want is encryption, no need to bother with a CA.
2 - The purpose of the CA is to establish trust - the encryption is a by-product really. However the sales and marketing beef sell "secure / encryption blah blah" because it's difficult to sell certified assurance/trust.
The certificate is meant to give assurance that the entity you are sending data to has had its identity validated by a trusted third party. The third party is "trusted" because they are audited annually and have to provide those reports to the browser programmes for their roots to be in the browser.
In relation to 2, the limited identity validation by low-end certs is a real pain and should be stopped.
The other approaches are dependent on what the CA puts in its CPS and/or relying party agreements. So the end user should only "trust" based on what the CA has done to validate the identity. Almost no-one does this. I know very few places that have read a CPS or the relying party agreements. Average Joe certainly doesn't, if ever, to my knowledge.
The core does have problems. For instance, legacy roots provide ubiquity across browsers and this creates a cartel scenario to some extent. IMO all roots in the browser program should have a shelf life (and actually expire and be removed), and all CAs should operate on a level playing field by standardising validation procedures for SSL certs.
Hearing about CAs that bought other CAs for their root certs that "still work in IE3/4" is nuts. Those browsers shouldn't be the reason we have certs that are so old still in use.
Standardised validation, "legal opinion" option should be phased out. You either prove your identity or you don't get an EV cert. Validation is substantial and the CAs do take it really seriously. However EV also introduced new roots. If all other SSL certs could be switched off, we could re-engineer our CAs only to issue EV without necessarily having to cling on to CAs that are not doing a good job.