[chrisdotcode]

So in 2019, you're saying that LE would have been fine with serving 50% of all Android users certificate errors, is that correct?

If so, what would make them suggest such a plan in the first place?

[rlaager]

Initially, they likely didn’t think they had a choice. The root that had cross-signed them was expiring. (And I wonder if anyone else was willing to cross-sign them.) It turns out that root expirations are handled differently (i.e. ignored) on some platforms, including the relevant old Android.