Exchanging certificates once a year is... kinda ridiculous in almost every scenario except the one Google envisions when it dictates the Internet, yes. ACME support is making it into enterprise technology, but it'll probably be another five to seven years until it's common. Literally all businesses just have to suffer bull---- processes to cave to "Google felt like doing this, and Google is a monopoly".
And of course, don't worry, Google is ruining ad blocking browser extensions too, for the 70% of users who use their web browser. (This is one of the reasons defenses for Google's behavior so rarely holds... they are attacking users through so many different avenues at once, the justification only holds if you ignore everything else they're currently doing.)
> Exchanging certificates once a year is... kinda ridiculous in almost every scenario except the one Google envisions when it dictates the Internet, yes.
The thing is, if you're doing it right it should not take longer than 5 minutes. It forces people to actually invest in good infrastructure practices rather than build brittle shit that collapses at the first blow. And most of the "enterprise" stuff you're talking squarely fits into that category.
As said I'm happy for anything that aims to prevent ossification, simply because how often I have heard the lines "why invest into something proper when a thrown-together hack lasts us just the same" or "why replace that old Cisco firewall box if it ain't broken yet".
And of course, don't worry, Google is ruining ad blocking browser extensions too, for the 70% of users who use their web browser. (This is one of the reasons defenses for Google's behavior so rarely holds... they are attacking users through so many different avenues at once, the justification only holds if you ignore everything else they're currently doing.)