In my opinion new ECDSA intermediates should be cross-signed by DST Root.
There are some LE users (including me, 2000+ certs) who already use ECDSA certs (signed with current RSA interintermediates) and need trust for older android devices.
Without cross-sign only way to support those older devices in my case would be switch back to RSA certs - yes, it’s easy, but why not treat ECDSA and RSA equally?
2 Likes