Comment by ocdtrekkie

Even granting that, it's still both an ineffective fix and it introduces significantly worse security risks than it tries to mitigate, on a system that at its core is fundamentally bad.

PKI is structurally broken at every level. The reason there are so many changes and additions and new features being slapped on it, is because it's a really dumb system and the people who control it are very motivated to keep it in place at the expense of everything else.