Chris Hickman, chief security officer at Keyfactor, a leader in securing digital identities, said this: “A root CA (certificate authority) does not specifically create a security problem, but rather a disruption to availability to any certificate that chains to that particular root. This in turn can lead to a number of situations in which users may be forced to click through exception messages, leading to bad user habits or in extreme cases, causing an application to respond as no longer expected, which we’re seeing now with the numerous websites and services that didn’t heed to Let’s Encrypt’s notifications about the upcoming expiration…”