There's a drawback to the purely backlink-based approaches though (at least to my naive skip list, but it also applies to your suggestion I think): While there is a certificate of logarithmic length for any two messages x, y that proves that x was published before y, that certificate is specific to that pair of messages. With the merkle-approaches, one of the goal was that there is a certificate per sequence number, and any two of those certificates allow verifying the existed-before relation of those two messages.

When requesting a message by hash, you don't know its sequence number yet. So you can't know beforehand what certificate to request.

Even worse, the peer might only partially replicate that feed itself, and it might not have the messages that make up the particular certificate. I think that's a showstopper and forces us to come up with a correct merkle-tree-based approach?