How to distrust a CA without any certificate errors

A distrust in the Web PKI removes a certification authority (CA) that issues HTTPS certificates from root stores because it is no longer trusted. This can lead to certificate errors for users. However, advancements such as Certificate Transparency logs and shorter certificate lifetimes have decreased the impact of distrust events. Forward-looking distrust mechanisms allow for a smoother transition to new CAs without affecting existing certificates. Overall, the goal is to maintain a secure Web PKI where distrusts are rare and user security is prioritized. Recent distrusts like GLOBALTRUST and Entrust have shown improvements in user experience and security.

https://dadrian.io/blog/posts/sct-not-after/
