There is an opportunity for new authentication approaches that can't exist in a TLS-everywhere world.
I'm looking at http://en.wikipedia.org/wiki/Generic_Bootstrapping_Architect... in particular.