by wsfull 3707 days ago
Clarification: By "authentication" I mean keys that the users generate using ssh-keygen. I do not mean certificates or "certificate authorities" (CAs).
1 comments

TLS supports mutual authentication via X.509 certificates, and they can be self-signed on both ends with some "accept" dialogs, similar to SSH's "do you trust this host's key?" prompts.
Is generating ed25519 keys slower or faster than generating self-signed certs?

Nothing wrong with OpenSSH supporting the option to use certs. They can be useful to some users.

But the entire X.509 scheme to my knowledge was based around some idea of third party verification.

This gave rise to the business of selling CA "services". Problematic to say the least.

And still to this day, "self-signing" appears to be disfavored. Or perhaps the openssl binary is just too loaded with options for users to learn the commands to generate CA and server certs and keys.

Whether it truly is or not, ostensibly "SSL/TLS certificates" to the public seem to require third party involvement.

ed25519 keys do not have this problem. And generating them is relatively fast.