I would be so glad to see a short educational video about this. I wasn't aware of this and I think millions of other devs aren't either. Otherwise we'd never have adopted this nightmare.

I love how simple SSH is with it's PK-Auth. The only challenge is session-invalidation and key-management, but that can be surely automated, no?