There are a variety of approaches we are considering as regards this :
-
moving independently of the centralized CAs is great but still brings the initial trust issues
-
trusting the traditional CAs also exposes the same trust base
-
self verification of icert is also a viable option as that helps cement its credibility and reliability without traditional CAs
Community feedback is still very much appreciated on these