
From what I understand, and as I said I don't know much, the purpose of non-self-signed certs is to provide trustworthy information about the identity of the entity that controls the domain.

I think that the government that issues my ID is the only party that can confirm my identity, so it, rather than a private corporation, should sign my cert, only after it verifies my identity in the same way it would if, for example, I were to testify in court.

If I want to associate a cert with a company, only the office that registered my company can provide meaningful assurance about the identity of my company.

The security of the system for propagating this assurance of the identity of an entity should not rely in any way on the authority of any entity, public or private.

Also, the assurances should be explicit. Someone who confirms that I paid the utility bill for a given address should only say that they confirm that I did that, not that I live there.


