Not sure if makes sense to continue this here or if I should have started a new thread, but I've got a few questions relating to what's in the announcement:
In the immediate future (earliest possible: today; latest possible: December 16th) we will begin issuance from our new R3 intermediate.
This link in crt.sh I think goes to the initally-revoked cross-signed intermediate. Should it maybe go to https://crt.sh/?id=3479778542 or https://crt.sh/?caid=183267 instead?
As usual, this will take the form of a phased rollout, beginning with us issuing a few certificates for ourselves, then allowing issuance in staging, then switching Prod to issue from R3. We will update this thread when these stages are in progress.
Can you clarify what it means that you'd be "allowing issuance in staging", when staging (I assume) wouldn't be signing from the real production R3? (Or maybe it will do "real" signing for some short length of time for testing?) Is it just that there would be new intermediates that will be started to get used in the staging environment? (And if so, I'd kind of expect that the order would be different, that staging changes would happen before issuing internal-to-Let's-Encrypt certificates?)
So since E1 isn't going to be in use just yet, I just want to confirm that elliptic curve leaf certificates will just get signed by R3 once that goes live? That is to say, the "R" just means that the key for the intermediate itself is RSA-based, but it'll still be used to sign ECDSA certificates just like X3 does?