As it happens, one of the unwilling customers is the police force where I live. I can tell you what the police would have answered: "We're supposed to take down the police servers outside our normal schedule for a problem that does not affect us? Are you serious?" How do you suggest that the next CA should answer?
Easy answer.
If you are not comfortable with the basic requirements that each and every CA in the PKI is required to follow, you should host your own PKI and manage trust yourself as well.
> As it happens, one of the unwilling customers is the police force where I live. I can tell you what the police would have answered: "We're supposed to take down the police servers outside our normal schedule for a problem that does not affect us? Are you serious?" How do you suggest that the next CA should answer?
Should have picked a CA that can follow fundamental rules that apply to every CA that wishes to be trusted, shouldn't have fucked around and found out,
It's also one of the reasons why I find it so annoying that I can't disable CAs in iOS and Android trust stores manually.