DNS allows search so we really should have started rejecting everything that isn't qualified with an end dot as punishment to ICANN.. Instead random common names might be treated differently on every network to make sure these people can't issue certs that will be trusted for them in your own network, etc.
Now prioratizing unambiguos naming would be somewhat acceptable if ICANN was tacobell and just a steward of naming on the side.
I'm not sure what you mean by "DNS allows search" -- by the usual definition of "search", the DNS doesn't: it is a lookup mechanism. I'm also not sure who "we" are in your idea or what you mean by "qualified with an end dot": all domains that get looked up implicitly have a "." (a zero length label that signifies the end of the query name) if it isn't explicit.
If you are not a consumer on an ISP emulating dialup it is quite likely that a popular name in a naming convention I.e. 'mercury' resolves to something for you and something for someone at a different firm (mercury.intranet.[firm].not-so-stupid-tld). A cert is possibly not a fully qualified one so when ICANN gives away mercury you need to append .asshat to everything ICANN names.
(Two firms have an unambiguous situation because they don't trust each others private roots but they both trust a cert issued for the public trust as a fqdn which is why TLDs expanding is a form of theft/breakage against every intranet..)
Ah, resolver (not DNS) search paths. They were a really bad idea that can and do lead to leaked queries that can result in all sorts of unpleasantness and risks.
As for certs, AFAIK, you can't get a certificate for a non-fqdn from a public CA since 2015.
With AI churning out a pretend blog or news site or web shop in a few minutes, that would be hard to enforce. I’m with you on the necessary death to TLDs, though.
