
I’m so torn here. Personally I like this a lot and think it will really help enforce good practices and allow easier things like root/int key rotation. Professionally it sucks, as there are a ton of valid use cases for real certs in areas that require manual work and tracking them all is a hard problem. If internal PKIs were easier to make work across all OS and Browser combos I’d just use those instead.



> If internal PKIs were easier to make work across all OS and Browser combos I’d just use those instead

Even if you use your own PKI, if your certs have a validity > 1 year, won't browsers still complain?


The fact that, as a user, I can't tell a browser "hey, this internal PKI that you already don't trust, just go ahead and trust it no matter what because I tell you to," feels bad.


TOFU is a viable alternative for "long-living" certs, too. The very fact that the cert has longer validity makes it somewhat easier to trust it directly in the client.


TOFU doesn’t actually work. If you set up a TOFU cert environment, 100% of non-security people will click right through it, and 95% of security people will also click right through it.

They’ll just assume that because it was untrusted the first time, cert errors are normal and ignore it. Especially since they will have a “first use” for every new device and every new browser they visit with.


Funny how some people claim no one will ever click thru the TOFU warning screen because it's too scary and unfamiliar, whilst others say users will just click thru everything.


There’s an important distinction. My claim is that once a user is trained how to ignore a cert error for a particular site and add an exception, they will no longer pay any mind to that site or environment giving cert errors.

The general public, when surfing and hitting a cert error on a random site, will usually disengage.


If you've added a persistent exception, that means you've trusted that cert on your device so getting further cert errors would surely be unexpected.





