[progbits]

Revocation lists can be distributed.

[lxgr]

Yes, but they still originate somewhere, and if that source goes offline, you're still at risk of accepting stolen credentials.

[VorpalWay]

Yes, but under the assumption that downtime is typically short (a few hours), that small risk seems better than a foreign nation state actor being able to block essential services like identifying with healthcare, or sending transactions.