That could be usable for certain specialized applications, such as the authentication of documents you mention, but not for authenticating web sites.
For domains this assumption has been proven wrong in practice several times. There are too many issues with almost identical names, or names that merely look identical but aren't, or just the difference between "Amazon Web Services Inc." in two different jurisdictions.
Troy Hunt has made several long blog posts with some convincing real-world examples.
It is easier for end users to see which of "amazon.com" and "amaz0n.biz" is more reputable than it is to value "Amazon Inc." against "Amazon Cloud Services". It is not that the CAs are doing a bad job. It's that domains are the identity we really care about.
Furthermore, I am of the opinion that CAs should be destroyed.