[a3_nm]

What we need is a public key authentication scheme with the possibility for normal users to delegate their identity to some trusted third party to which they hand their public key (like with OpenID). I think this would be the best of both worlds: normal users get a seamless experience, and nerds have total control over their identity without even needing to, say, own a domain name and trust DNS.

[markkum]

This is exactly what we are building here; https://www.mepin.com The private key is generated and stored in a smarphone or separate USB smartcard, so that normal users don't have to manage their private keys.

[a3_nm]

I was thinking of a standard. From your website, it seems that you are developing a product.

[jesboat]

nothing prevents an openid provider from using cert-based auth now