dogma1138 2 days ago

You still are reaching out to authoritative servers for that domain so someone else other than the destination knows what you are looking for.

The 47 day life expectancy isn’t going to come until 2029 and it might get pushed.

Also 47 days is still too long if certificates are compromised.

the8472 2 days ago

The authoritative servers for a domain are likely to be operated by the same entity as the domain itself.

cyberax 2 days ago

You can request 6-day certificates from Let's Encrypt. There's a clear path towards 24-hour certificates. This will be pretty much equivalent to the current status quo with the OCSP stapling.

akerl_ a day ago

Is that live yet? (Not asking to be critical; I was keeping an eye out because I wanted to migrate, but last I saw, 6-day certs were still in testing-only.)

cyberax a day ago

It's in a beta now; they are planning to release it very, very soon.