There are two problems this exposes. One, it takes a very long time to distrust a root cert. This means some people's connections could be exposed for a very long time.<p>Two, the method for update shown here is to upgrade your browser. Not everyone <i>can</i> upgrade their browser. Corporations often lock down browser updates, and take a very long time to upgrade. Sure, it's fine for you to say "that's the corporation's fault, too bad for them!" but the users of those companies still have to suffer in the meantime - to say nothing of vendored smartphone OSes with slow updates...<p>The other problem with upgrading is legacy computers run very old browsers. I don't know if you've tried to browse the web on an old computer with a new browser, but here's a secret: <i>it doesn't work</i>. New browsers have so many "advancements" that they bloat and crawl on older machines. So effectively, the means of being able to use the internet requires you to buy a new machine.<p>If operating systems immediately shipped patched CA lists, and browsers immediately used them, that would patch the legacy browsers. But it would not prevent sites from immediately breaking. So no matter what, either we wait forever to distrust certs, or we break sites.<p>Clearly we need an option C that will allow site owners to upgrade their keys immediately and without issue, and users to update their CA lists immediately and without issue. ACME is a good start, but it too has issues that need to be solved.<p>In addition, the whole idea of trusting hundreds of root certs to sign for every domain is just crazy. We need a method to sign certs only by the organization who actually has responsibility for ensuring the ownership of the domain: the registrar.<p>CAs are a great "hack" because they allow browsers to verify certs of sites without ever putting any onus on the registrar, but they also have a wacky "trust" model.
Any of hundreds of organizations can verify who controls the IP space of a domain, one time, and issue a magical assurance of this, which is trusted until the assurance expires in several years. This can be overridden at any time, and it has nothing to do with who <i>actually controls the domain</i>, which is the registrar and the user who registered it. All the current system really verifies is who controlled the DNS at one time, which is merely pointed to by the registrar, and can be hacked independently of the registrar, meaning there are extra attack vectors.<p>Yes, lots of little extra "hacks" have been added as stop-gaps, like CAA, and Certificate Transparency, the now-defunct HPKP, and the future implementation of cert issuers verifying the DNS and host integrity from multiple ASNs. But these are just to keep the status quo limping on, and ignore the unnecessary risks the current design imposes. We need innovation and better design, not hacks.