I think you are right, even if the agreement was perfectly clear, a TRO can be issued. Either the CA system lives with this risk or we only trust CAs that operate in countries without this risk (do any exist?)
Another approach is for the CA to revoke the cert first, then notify the customer. This avoids the TRO as the customer wouldn't know about the planned revocation until it was too late to act.
Does the CAs desire to help customers swiftly move to a new certificate outweigh the risk that a customer would sue to get more time (causing the CA to fail to revoke quickly enough)?
I think you are right, even if the agreement was perfectly clear, a TRO can be issued. Either the CA system lives with this risk or we only trust CAs that operate in countries without this risk (do any exist?)
Another approach is for the CA to revoke the cert first, then notify the customer. This avoids the TRO as the customer wouldn't know about the planned revocation until it was too late to act.
Does the CAs desire to help customers swiftly move to a new certificate outweigh the risk that a customer would sue to get more time (causing the CA to fail to revoke quickly enough)?