by baby 2497 days ago
I have to agree with Frank. TLS has proven itself to be extremely hard to implement or use correctly. And why use certificates if you can use plainkeys? There are other choices, like Noise.

> why use certificates if you can use plainkeys?

TLS is for use to connect arbitrary peers on the Internet, which means you're going to need a PKI. So that means certificates.

I don't happen to agree with Noise's philosophy about agility, but that's one of those things where we'd have to agree to disagree in the short term. In terms of replacing TLS, Noise just isn't in the picture at all.

For browsers, sure. But if you're not using a browser and you're using TLS, it's just a bad idea.

You can do PKI with plainkeys. You definitely don't need the complexity or x509 certs.

Nope. As I said, if you need a transport layer to connect arbitrary peers over the Internet, TLS is exactly what the doctor ordered and it already exists. Already studied, already got libraries that implement it, already got test frameworks; everything is in place. An alternative, even if it was technically no worse (which isn't guaranteed) and available today (impossible), doesn't have those things.

> You can do PKI with plainkeys.

Nope. A PKI specifically involves the binding of keys to identity; that's what the certificates are for. You don't have to have X.509 (though I'll argue you might as well), but you need that binding.