It's not simple, but it's also not new. mTLS has allowed for mutual authentication on the web for years. If a central authority was signing keys for adults, none of the protocol that we currently use would need to change (although servers would need to be configured to check signatures)