@aral Could malicious compliance be an option if this goes through? Like the page loads, but a big banner is displayed in the browser informing the user that an unsafe CA is being used which probably means that the web use is being directly surveilled?