| ▲ | hedora 4 days ago | |
Equivalently, it also maximizes the number of sites impacted when a CA is compromised. It also lowers the amount of time it’d take for a top-down change to compromise all outstanding certificates. (Which would seen paranoid if this wasn’t 2025.) | ||
| ▲ | lokar 3 days ago | parent [-] | |
Mostly this. Today of a big CA is caught breaking the rules, actually enforcing repairs (eg prompt revocation ) is a hard pill to swallow. | ||