They haven't messed up. They've thought more about the revocation issue than almost anyone else on the Internet, and come to the conclusion that the costs aren't worth the benefits. They appear to be right; SSL revocation is a debacle, and, for most browser configurations, is mere theater.

Here's a starting point for understanding how under-designed online revocation is for SSL/TLS:

https://bugzilla.mozilla.org/show_bug.cgi?id=643907