Each trust anchor gets issued a single certificate that can have delegation ability, ie the ability to issue new trust anchor certs to others.
So if say a UPS store is issued a cert and they go rogue, we can just revoke the trust anchor cert that was issued to the store, all certs issued further down are also automatically revoked...the revocation check is done either in the app or in the case of a third-party performing the verification they will recognize that there is a cert on the issuing chain that is revoked and reject the cert.
This is how TLS certs are handled too, if a CA goes rogue, all certs issued by that CA are revoked once the CA's root cert is revoked.
As for refund issues, that's a problem for the cert issuer to deal with.
> As for refund issues, that's a problem for the cert issuer to deal with.
no, it's your problem, as it's your brand slapped over everything, and now you've got tens of thousands of innocent people angry that you've revoked the IDs they paid for in good faith
this would translate into lawsuits, against you
When you say that “we” can revoke, I assume you are talking about your company - the app. What sort of resources would be required to constantly audit the potentially thousands or hundreds of thousands of certificate issuers on your platform?