Certificate authorities have enormous trust placed upon them by every Internet user (whether they know it or not). Commensurate with this trust, they have enormous responsibilities. As the name implies, the Baseline Requirements are the minimum standard they should achieve. If they can't even do this (being unable or unwilling to revoke issued certificates within the required time-frame), then they do not deserve this trust, and it should be removed.
I understand that the TRO prevented them from revoking approximately 70 certificates, and there really is nothing they could have done differently in that case. Their other revocation failings are inexcusable.
I understand that the TRO prevented them from revoking approximately 70 certificates, and there really is nothing they could have done differently in that case. Their other revocation failings are inexcusable.