<div dir="ltr"><div class="gmail_extra">Bear in mind another reason the web uses standalone certs - even with 100% fast reliable key servers, doing lookups out of band would leak private browsing data to the CA's/keyservers. Data that they don't want to receive, but could be forced to keep by data retention laws anyway. This problem seems to also exist with email. When you can verify a key by just verifying a bundled cert chain, this problem goes away.</div>
</div>