But I think the authentication problem is in fact the hard problem. Assuming we got rid of STARTTLS (the actual verb) and just always did TLS (say, on some other port), how do you propose to solve it?
Fortunately, we have an extensible protocol that already supports service advertising and negotiation. There's no reason we can't have an AUTH module that works both ways (both the client and server mutually authenticate, independent of the transport-layer encryption).