What does attestation mean in this context? The point of the Web PKI is to provide consistent cryptographic identity for online resources, not necessarily trustworthy ones.

(The classic problem with self-signed certs being that TOFU doesn’t scale to millions of users, particularly ones who don’t know what a certificate fingerprint is or what it means when it changes.)

A lot corporate environments load their root cert and MITM you anyway

A lot of applications implement cert pinning for this exact reason

Then you might as well get rid of TLS altogether.

You'd still want in transit encryption. There are other methods than centralized trust like fingerprinting to detect forgeries.

Haven’t seen any such system that scales to billions of user.