[pas]

Thank you for the detailed answer!

It's unacceptable that operational matters are not handled by a standing ops team that covers so and so gov agencies.

(And at least Apple did something useful by pushing for shorter validity time for certs.)

[nightpool]

Yes, everyone in the WebPKI community is pushing for shorter validity lifetime. But as you can see in the parent thread here ("Which is yet another chore. And it doesn’t add any security"), everybody is mad that browsers are pushing for shorter certificate lifetimes.