I think you are correct. There were similar issues with Firefox rolling out SameSite=Lax by default, and I think those plans are now indefinitely on hold as a result of the breakage it caused. It's a hard problem to solve.

> As an aside it's not clear that OCSP stapling is better than short-lived certs.

I agree this should be the end goal, really.

Oh wow. I thought SameSite=Lax by default was a done deal. It shows how much I’ve been following in the past few years.