by phasmantistes 1950 days ago
The new ACME feature isn't just about surviving the revocation event itself. Suppose that the new API didn't exist, but every client polled on a daily basis to check to see if their cert was revoked. Then great -- within 24 hours, every server gets the new replacement certificate.

And then 60 days later, every single client tries to renew that certificate. That's another 200 million certs in 24 hours. And that'll repeat every 60 days.

So the ACME draft is also about being able to proactively smooth out that renewal spike. Some clients would be told to renew again immediately, less than 24 hours after their replacement. Others would be told to wait the whole 60 days. And then after a couple months of managing that, things would be back to normal.
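A toy simulation of the renewal spike described in this comment, added here as an example and not code from the commenter or from any ACME project. It assumes a 60-day renewal interval, a mass reissuance compressed into a single day, and a hypothetical server-assigned renewal day spread uniformly over the following 60 days for the smoothed case (certificates are modelled in buckets of one million to keep the run fast).

```python
"""Compare per-day renewal load with and without server-directed smoothing."""
import random
from collections import Counter

CYCLE_DAYS = 60            # a cert is renewed 60 days after its last issuance
REISSUED = 200_000_000     # certs replaced within 24 hours of the revocation event
BUCKET = 1_000_000         # simulate certs in buckets to keep runtime small
HORIZON_DAYS = 240         # four renewal cycles after the event


def simulate(smoothed: bool, seed: int = 1) -> Counter:
    """Return Counter {day: certs renewed that day} over the horizon.

    Day 0 is the reissuance day. Without smoothing every cert comes back on
    day 60, 120, 180, ... in one spike. With smoothing (hypothetical
    server-assigned window), each cert's first renewal is scheduled on a random
    day in 1..60; later renewals stay 60 days apart, so the load remains flat.
    """
    rng = random.Random(seed)
    per_day: Counter = Counter()
    for _ in range(REISSUED // BUCKET):
        first = rng.randint(1, CYCLE_DAYS) if smoothed else CYCLE_DAYS
        day = first
        while day <= HORIZON_DAYS:
            per_day[day] += BUCKET
            day += CYCLE_DAYS
    return per_day


def peak_daily_load(per_day: Counter) -> int:
    """Largest number of renewals the CA must handle on any single day."""
    return max(per_day.values())


if __name__ == "__main__":
    for label, smoothed in (("unsmoothed", False), ("smoothed", True)):
        load = simulate(smoothed)
        print(f"{label}: peak {peak_daily_load(load):,}/day over "
              f"{len(load)} busy days, {sum(load.values()):,} renewals total")
```

Both runs perform the same total number of renewals over the horizon; only the peak load per day differs.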