
Bluntly, the refusal of a certain part of the security community to simply secure transport first and then worry about authentication on top of that is both frustrating and mind-boggling.

This sounds a lot like the thinking that brought us the TSA. Do something, anything!




He's asking to decorrelate the authentication problem from the encryption problem, because at the moment the main problem is that to get encryption (without a big ugly warning), you basically also need to pay a CA for authentication.

I really don't see your point with TSA, we're not talking about security theater here.


Bingo.

I have a blog. No ycombinatorer has any idea who I am or whether I'm trustworthy, so a verification from a CA that I am who I claim I am isn't particularly helpful to either of us if I link here.

Since you don't know who I am to begin with, presumably you wouldn't trust me with any greater information than you would give to a phisher, since even with a CA-signed certificate I might have nefarious purposes. But with encryption you would at least know that whoever you are in fact communicating with actually sent the message you received and not something else.

It's genuinely puzzling to me that so many people obtusely claim there's no value there.


If I'm reading your blog, why am I going to "trust" you with any "information" at all? You shouldn't need to prove your identity to publish a blog, and if you need either positive identity, non-repudiation, or encryption, then you need something that 99.999% of your fellow bloggers don't.

So to me, the whole thing sounds like a red herring, or rather a Trojan horse for the imposed removal of anonymity from the Web. No one has articulated just what problem is being solved here, but plenty of people have articulated the downside.



