2) The reason DNS/SSL are so hard is *because* of the coordination with central authorities.
3) If your address was your key fingerprint, no need for a CA; you already know how to make a secure connection (why .onion does not need https)
4) SSL CAs are as weak as the *weakest* CA in your CA list. It only takes one badly acting CA for you to be man in the middled.
5) DNS and SSL CAs centralize the otherwise decentralized fediverse.
Down with DNS, down with SSL CA cartels.