[cpach]

That makes me curious, what workarounds did Netflix employ?

[WorldMaker]

It was the BBC I was actually thinking about, and it's a part of this article (which also mentions this Let's Encrypt root change):

https://scotthelme.co.uk/impending-doom-root-ca-expiring-leg...

Previous HN discussion on that article: https://news.ycombinator.com/item?id=23455463

[Aissen]

When you control the client, it's simple, you can do pretty much anything: embed your own HTTP stack, TLS stack, your QUIC stack, or simply your PKI, or subset of the webPKI.