It does make me wonder if the zealous pursuit of shorter expirations has gone too far, especially up at the root. Is there good public discussion on root expiration? Seems to mostly come up when old devices get bricked because of it. Certainly 15-year expirations are not a substitute for extremely strict root key management or root key revocation.