It's only reduced to the initial handshake if every single CA¹ keeps their signing certs protected. We've seen more than once that this is not always true.
¹ (remember, even if you have a cert with a specific CA, nothing technically prevents a cert from being signed with another CA's certificate).
¹ (remember, even if you have a cert with a specific CA, nothing technically prevents a cert from being signed with another CA's certificate).