История изменений

Делаем ставки, как быстро корневой серт окажется в свободном доступе.

Думаю, что не окажется. Специализированную железку для приватного ключа они все-таки должны осилить. Что-то вроде такого (первое же, что нагуглилось):

https://www.virtucrypt.com/services/elements/offline-root-ca-storage/

VirtuCrypt Elements Offline Root CA Storage provides a secure root certificate authority infrstructure. At the highest point within a Public Key Infrastructure (PKI) hierarchy, the root CA is trusted by all an organization’s users, and as such it is critical to maintain the root private key securely to prevent unauthorized use. For comprehensive risk reduction, the Root CA's private key is kept offline within a FIPS 140-2 Level 3 and PCI HSM validated Secure Cryptographic Device. This solution safisfies PCI PIN and P2PE requirements that dictate that CAs used to sign subordinate CAs be kept in an offline dedicated network.

Думаю, что не окажется. Специализированную железку для приватного ключа от корневого сертификата они все-таки должны осилить. Что-то вроде такого (первое же, что нагуглилось):

https://www.virtucrypt.com/services/elements/offline-root-ca-storage/

VirtuCrypt Elements Offline Root CA Storage provides a secure root certificate authority infrstructure. At the highest point within a Public Key Infrastructure (PKI) hierarchy, the root CA is trusted by all an organization’s users, and as such it is critical to maintain the root private key securely to prevent unauthorized use. For comprehensive risk reduction, the Root CA's private key is kept offline within a FIPS 140-2 Level 3 and PCI HSM validated Secure Cryptographic Device. This solution safisfies PCI PIN and P2PE requirements that dictate that CAs used to sign subordinate CAs be kept in an offline dedicated network.