The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
I think there’s an argument to be made here of why are we trusting certificate providers anyway since that just adds another layer of centralization and a choke point for governments to attack. Why not use self-signed certificates and have each search engine indexer also index the certificate and point out how long it has been since it has changed so that you can trust whatever search engine you wish instead of these mega centralized providers of certificates. If kagi, google, ddg, and quant (for example) are all in agreement about the validity of a cert i feel its likely trustworthy. If they start disagreeing thats when it may be time to DYOR. Besides, TOFU is much easier to set up.
I think there’s an argument to be made here of why are we trusting certificate providers anyway since that just adds another layer of centralization and a choke point for governments to attack. Why not use self-signed certificates and have each search engine indexer also index the certificate and point out how long it has been since it has changed so that you can trust whatever search engine you wish instead of these mega centralized providers of certificates. If kagi, google, ddg, and quant (for example) are all in agreement about the validity of a cert i feel its likely trustworthy. If they start disagreeing thats when it may be time to DYOR. Besides, TOFU is much easier to set up.