> Allowing user to just generate a domain for themselves

That's limited mostly by policy[1], the current PKI environment already allows delegating CA for a single domain.

[1] https://community.letsencrypt.org/t/sub-ca-with-wildcard-cer...

This is public data so the big guys could absoltely crawl it. But we should not underestimate the size of the PKI industry, several large actors make good living from the existing web PKI and they will not change unless their very existence is threatened.