@freddy @snroth an interesting case is Expect-CT, because it's effectively already been enabled by default. But maybe somewhat special, as you don't have to convince webpages to do anything, browsers could force it upon CAs, and once all pre-CT certs expired, noone could have a non-CT setup any more.

@freddy @Schepp @sarajw For critical stuff I follow the current version + 2 major versions back approach with Safari.