Before the June 6th, 2024 change, ECDSA certificates could be issued from RSA intermediates. Now, as mentioned in the previously linked post, all ECDSA certificates are issued from the ECDSA intermediates, which by default will be signed by ISRG Root X1, with the option to opt in to an all-ECDSA chain where the intermediate is signed by ISRG Root X2.
From the first paragraph of the post:
We will begin issuing ECDSA end-entity certificates from a default chain that just contains a single ECDSA intermediate, removing a second intermediate and the option to issue an ECDSA end-entity certificate from an RSA intermediate.
Notice of the date of the switchover to the new intermediates appears to have first been given on June 10th, 2023 (roughly a year in advance). From a chain of trust perspective, care was taken to ensure that users of ECDSA certificates would still have broad compatibility by making the default behavior to use ECDSA intermediates signed by X1. However, the notice that ECDSA certificates would only be issued from ECDSA intermediates does not appear to have been given until the April 12th, 2024 post, roughly 2 months before the switchover was set to occur.
My question is whether there was previous indication that ECDSA certificates would only be issued from ECDSA intermediates, rather than giving users the option to have them issued from RSA intermediates or ECDSA intermediates. If not, is two months' notice considered to be acceptable by Let's Encrypt for this type of change moving forward?
While attention was called to compatibility issues for folks using the ill-advised strategy of pinning to intermediate certificates, there was no acknowledgement of how users relying on one root or the other could be impacted by the change in curves / algorithms used by intermediates. Not all clients support all curves / algorithms, so moving from, for example, an ECDSA -> RSA (intermediate) -> RSA (root) chain to an ECDSA -> ECDSA (intermediate) -> RSA (root) chain could result in breaking clients regardless of whether the root RSA certificate remained the same.
If this sort of change / notice period is aligned with Let's Encrypt policy, I would recommend noting so somewhere on letsencrypt.com (my apologies if I missed where this is already present, please feel free to link me to it). If it is not, I would recommend continuing to allow issuance of ECDSA certificates from RSA intermediates for a more lengthy period of time to allow for client migration.
Thank you!
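The compatibility point above (a chain can keep the same RSA root and still break a client, because the intermediate now uses an algorithm or curve the client does not support) is easy to check mechanically. The script below is an added example, not code from the original post or from Let's Encrypt: it builds a throwaway chain of the shape the post describes (ECDSA P-256 leaf signed by an ECDSA P-384 intermediate signed by an RSA root) with openssl, lists the public-key algorithm, curve and signature algorithm that each certificate in a PEM bundle requires a client to support, and reports which of them fall outside a hypothetical client's supported list. All subject names, file names and the "supported algorithm" lists are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post or from Let's Encrypt.
# Builds ECDSA leaf -> ECDSA intermediate -> RSA root with openssl, then
# reports what a client must support to validate the bundle.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extension files for CA certificates and for the end-entity certificate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:www.example.test\n' > leaf.ext

# Self-signed RSA root (stands in for an RSA root such as ISRG Root X1).
openssl genrsa -out root.key 2048 2>/dev/null
openssl req -new -key root.key -subj "/CN=Example RSA Root" -out root.csr
openssl x509 -req -in root.csr -signkey root.key -days 2 -sha256 -extfile ca.ext -out root.pem 2>/dev/null

# ECDSA P-384 intermediate signed by the RSA root (the "ECDSA intermediate signed by X1" shape).
openssl ecparam -name secp384r1 -genkey -noout -out inter.key
openssl req -new -key inter.key -subj "/CN=Example ECDSA Intermediate" -out inter.csr
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial -days 2 -sha256 -extfile ca.ext -out inter.pem 2>/dev/null

# ECDSA P-256 end-entity certificate signed by the ECDSA intermediate.
openssl ecparam -name prime256v1 -genkey -noout -out leaf.key
openssl req -new -key leaf.key -subj "/CN=www.example.test" -out leaf.csr
openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial -days 2 -sha256 -extfile leaf.ext -out leaf.pem 2>/dev/null

# The bundle a server would send: leaf first, then the intermediate, then the root.
cat leaf.pem inter.pem root.pem > chain.pem

# Prints OK when the leaf chains to the trusted root through the untrusted intermediate.
chain_verifies() {
  if openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# One line per certificate in a PEM bundle: key algorithm (with curve for EC keys)
# and the algorithm used to sign that certificate, in bundle order.
chain_algorithms() {
  bundle=$1
  split=$(mktemp -d "$WORK/split.XXXXXX")
  awk -v dir="$split" '/-----BEGIN CERTIFICATE-----/ { n++ }
                       n { print > (dir "/" sprintf("%02d", n) ".pem") }' "$bundle"
  for c in "$split"/*.pem; do
    text=$(openssl x509 -in "$c" -noout -text)
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n1)
    curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n1)
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n1)
    if [ -n "$curve" ]; then alg="$alg($curve)"; fi
    echo "key=$alg sig=$sig"
  done
}

# Algorithms and curves the bundle needs that are missing from the client's list.
# Usage: unsupported_algorithms BUNDLE name...   (names as openssl prints them)
unsupported_algorithms() {
  bundle=$1; shift
  supported=" $* "
  chain_algorithms "$bundle" | sed 's/key=//; s/ sig=/ /; s/[()]/ /g' | tr -s ' ' '\n' |
  while read -r token; do
    [ -n "$token" ] || continue
    case "$supported" in
      *" $token "*) ;;
      *) echo "$token" ;;
    esac
  done | sort -u
}

echo "openssl verify: $(chain_verifies root.pem inter.pem leaf.pem)"
chain_algorithms chain.pem
# Hypothetical client: handles RSA and ECDSA on P-256 but has no P-384 support.
echo "missing for a P-256-only client: $(unsupported_algorithms chain.pem \
  rsaEncryption sha256WithRSAEncryption id-ecPublicKey prime256v1 ecdsa-with-SHA256)"
```

Against a real deployment, replace the generated `chain.pem` with the bundle the server actually sends (for example the certificates extracted from `openssl s_client -connect host:443 -showcerts`), and feed `unsupported_algorithms` the algorithm and curve names each client population is known to handle. The example deliberately keeps the RSA root unchanged between the two chain shapes in the post: the only thing that changes for the hypothetical client is the intermediate's P-384 key, and that alone is enough to make the report non-empty.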