Certs for subdomains without the domain owner's permission

This is not a small detail; it is a very important point. Since you cannot require that each domain owner knows each CA's rules and blocks each one individually, the only option, if we think about it, is whitelisting, because then the owner is only required to do something if he wants a cert.

To keep the car example: no one would say a rental service needs to forbid each dealer individually from buying its cars.