

Signing (intermediate) certs have been compromised before. That means a bad actor can issue fake certs that are validated up to your root ca certs
While you can invalidate that signing cert, without useful and ubiquitous revocation lists, there’s nothing you can do to propagate that.
A compromised signing certs, effectively means invalidating the ca cert, to limit the damage





Huh, that sounds very different from my experience. Everyone taped from TV, and traded tapes, even people who couldn’t set the time or schedule it. People were so desperate for time-shifting away from TV broadcast schedule and to share videos that they sat through entire shows to record them. There were frequent glitches from people trying to not record commercials, before commercial skipping technology became common. This was also the only reasonable way to have a movie collection, given the obscene prices of movies on tape. And of course child me thought I was clever to figure out how to schedule a recording, only to be frequently screwed up by sports and political events running long - I’d schedule an extra hour and sometimes that wasn’t enough