Client certificates already exist. The problem is that nobody uses them, because every step of the process is a complete and utter pain in the ass. Much like how standard HTTP authentication is ugly, making the existing infrastructure prettier would be much more useful.

I agree, but only the browser vendors can do that. The point of DSSID was to try to force the issue by implementing a usable UI over what is essentially a client cert. If enough people started using it, that just might nudge the browser vendors into doing the Right Thing.