It's funny to see that the issues with X.509 certificates, are being solved by what X.509 was intended to be used for: a directory system. It's DNS instead of X.500, but it's a start.

> Allowing user to just generate a domain for themselves

That's limited mostly by policy[1], the current PKI environment already allows delegating CA for a single domain.

[1] https://community.letsencrypt.org/t/sub-ca-with-wildcard-cer...

Last time I checked support for that on client side was pretty spotty

There is no support for DANE on the client side!

According to the court, the real reason is because ECH would make it impossible to block through DPI.

ISP are blocking, because of a district judge's ruling.

The money one honestly sounds like a bug.

> The one thing I also wish would be better is discoverability... Just the other day I logged in into an irc server (LiberaChat?) but just didn't know where to go from there.. I got into my country's room, but it was very quiet.

Check out netsplit.de. It has a list of channels sorted by popularity.