Yes, it's better because you now only trust one party [1] what's much better than 600 random companies around the world. But it's not a panacea, that still puts too much power into governments hands, and still relies too much on a third party that can be hacked, bribed, threatened.
I'd still like it better if browsers pinned the key of every site I access, and issued a warning if it changed without the new key being signed with the old.
[1] Ok, a few, because you don't contact ICANN directly when you get a domain.
Yes, it's better because you now only trust one party [1] what's much better than 600 random companies around the world. But it's not a panacea, that still puts too much power into governments hands, and still relies too much on a third party that can be hacked, bribed, threatened.
I'd still like it better if browsers pinned the key of every site I access, and issued a warning if it changed without the new key being signed with the old.
[1] Ok, a few, because you don't contact ICANN directly when you get a domain.