[catlifeonmars]

TLS != the current TLS PKI, which is the distinction GP is making I think.

Although tbh I think that just moves the problem somewhere else (which is perfectly fine if you don’t like the current PKI).