AWS has some kind of ground station service. I imagine it’s expensive though

Yeah you can still do a lot of damage in a few hours, but 45 days is a meaningful reduction in exposure time from year+

That’s a complaint about those phones not PKI in general then. Though it’s surprising their enterprise support won’t let you since that is (or was) a fairly common thing for businesses to do.

Isn’t this just CRL in reverse? And CRL sucks or we wouldn’t be having this discussion. Part of the point of cryptographically signing a cert is so you don’t have to do this if you trust the issuer.

Cryptography already makes it infeasible for a malicious actor to create a fake cert. The much more common attack vector is having a legitimate cert’s private key compromised.

Browsers are only a (large) fraction of SSL traffic.

Good point, sounds like a good thing for most people

NT was built to be a business OS, and the original Windows was killed off for everyone in favor of NT with XP

UAC can be configured to require a password, just like sudo can be required to not require a password. These things function the same on Windows and Linux.

I think they’re much more likely ignorant to this than malicious.

My android doesn’t seem to do that. I just use the back button.