Privacy is the biggest problem - both sides of the connection present their identity simultaneously, so you leak your identity to a MITM. For server-to-server communication, that's fine. For person-to-website communication, the two sides are semantically asymmetric, and I don't want to prove to 104.20.44.44 that I am geofft until 104.20.44.44 proves to me that it's news.ycombinator.com.
UX is the other one. Chrome is removing support for <keygen>, and they have excellent arguments for why: https://groups.google.com/a/chromium.org/d/msg/blink-dev/z_q... (Essentially, the ability for a website to inject certs into the system cert store is super weird.)
And without <keygen>, the experience of installing certs is completely awful. Let alone the UX problems with expired certs, etc.
UX is the other one. Chrome is removing support for <keygen>, and they have excellent arguments for why: https://groups.google.com/a/chromium.org/d/msg/blink-dev/z_q... (Essentially, the ability for a website to inject certs into the system cert store is super weird.)
And without <keygen>, the experience of installing certs is completely awful. Let alone the UX problems with expired certs, etc.