It seems like most of what's bugging you about TLS is having to keep up with certificate reissuance. The reason you have to deal with that is that global-scale distributed revocation is a ludicrously hard problem. To mitigate the fact that some bindings of users-to-certificates are effectively irrevocable, you shorten the lifespan of certificates, so their blast radius is smaller.
This is cold comfort, of course (though: the post-ACME world of short-lived certs has better DX than the nightmare world of long-lived Verisign certs), but it's worth noting that any alternative to TLS would face similar problems.
Certificate revocation is a really interesting problem, because it's obviously vital but also pretty rare. Currently, to validate a certificate, every client has to walk through every certificate in the chain and ask for the CRL or make an OCSP query, just in case. It's incredibly wasteful and subject to all sorts of problems. It's really fun verifying file signatures on a machine with no direct internet access.
It would be nice to have a centralized push-based solution or something. I dunno, hard problem.
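What that per-connection check actually involves, as an added example that is not part of the thread: a Go program using only the standard library that builds a toy CA, issues a short-lived leaf certificate, signs a CRL, and then does what a client has to do before trusting the leaf, build the chain, fetch revocation data, check that the data is signed and still fresh, and look the serial up. All names (the "Example Root" CA, `example.test`, the serials and validity periods) are constructed for this example. The `ErrRevocationUnknown` path is where the thread's pain lives: a client with no route to the CRL or OCSP responder must either hard-fail (this code) or soft-fail (what browsers mostly do), and a short certificate lifetime is what bounds the damage in the soft-fail case.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrRevocationUnknown is returned when no usable revocation data exists.
// Real clients usually soft-fail here; a hard-fail is shown for clarity.
var ErrRevocationUnknown = errors.New("revocation status unknown: no CRL available")

// issueCA creates a self-signed CA that may sign both certificates and CRLs.
func issueCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to issue CRLs
		SubjectKeyId:          []byte{1, 2, 3, 4},                           // required by CreateRevocationList
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf issues a server certificate for example.test with the given lifetime.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, now time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    now,
		NotAfter:     now.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildCRL signs a CRL listing the given serials as revoked; NextUpdate is the freshness deadline.
func buildCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked []*big.Int, now time.Time, validFor time.Duration) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{
		Number:     big.NewInt(7),
		ThisUpdate: now,
		NextUpdate: now.Add(validFor),
	}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// validate performs the client-side work: chain building, then a signed, fresh CRL lookup.
func validate(leaf, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, DNSName: "example.test", CurrentTime: now}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	if crl == nil {
		return ErrRevocationUnknown
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL not signed by issuer: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale; refusing to trust cached revocation data")
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("certificate is revoked")
		}
	}
	return nil
}

func main() {
	now := time.Now()
	ca, caKey, _ := issueCA(now)
	leaf, _ := issueLeaf(ca, caKey, 1001, now, 90*24*time.Hour) // 90-day, ACME-style lifetime
	crl, _ := buildCRL(ca, caKey, nil, now, 24*time.Hour)
	fmt.Println("fresh CRL, not revoked:", validate(leaf, ca, crl, now.Add(time.Hour)))
	fmt.Println("no CRL reachable:      ", validate(leaf, ca, nil, now.Add(time.Hour)))
	fmt.Println("cached CRL two days on:", validate(leaf, ca, crl, now.Add(48*time.Hour)))
}
```

Every one of these steps runs for every certificate in the chain on every fresh connection, which is the waste the comment describes; and the stale-CRL and no-CRL branches are exactly the cases an air-gapped machine hits when verifying signatures.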