I must have a thousand questions. I'm making one comment per question as that seems reasonable. Posted in no particular order. As of 2026-02-25 I have 22 questions.

I typed up all these questions not knowing there was a February AMA. I'll have to watch that later to see if any of my questions are answered there.

---

This question/comment comes with 20/20 hindsight.

In the web PKI, general practice is to replace CAs LONG before they expire to allow plenty of time to transition. Why did industry take so long to start replacing these certs? Would have been better to start replacing these certs back in 2018 or 2019 at their half-life.

In case you didn't notice, hardware has become expensive and (for some customers) it's harder and harder to ask for budget just because devices are long in the tooth. Rolling out these keys/certs back in 2018/2019 would have made this far less of an issue when it comes to hardware lifecycles.