End-point trusts any certificate from any CA configured

• fake certificates issues by another CA are a common thread

• measure "certificate pinning" only standardized for HTTP (HPKP, is now deprecated)

Centralized system

• high demand for confidentiality of CA private keys

• measure "intermediate certificates" makes system even more complex and more systems demanding high confidentiality

Key Revocation cumbersome

• based on centralized "black list"

• Certificate Revocation Lists (CRLs) growing huge quickly and need to be distributed to each end-point

• OCSP (Online Certificate Status Protocol) requires online connection and additional services to be available 24/7

• OSCP is a thread to privacy

Key renewal does not revoke old key

• if the old key is still valid (with in its life-time) and not on the CRL, it can still be used

Complex to plan, deploy and run

No opportunistic use

• Can either be enforced or not used at all.

• Has no notion of "I stared communication encrypted, so I no longer accept unencrypted messages"

• No TOFU (beside now-deprecated HPKP)