For one, we have relays, they have pubkeys, and yet, we still rely on the certificate chain.
In a better world, relay lists should contain the relay host (or better, its IP) AND its pubkey, and those pubkeys should be directly used in the Diffie-Hellman key exchange when initializing a secure connection.
The problem with this approach is that there is - to my knowledge - no technology embedded in browsers by default that achieves it effectively.
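As an added illustration of the scheme the post describes (not code from the post or from any relay project): a pure-Python X25519 exchange in which the client takes the relay's static public key from a relay-list entry and uses it directly in the key agreement, so an impostor who does not hold the matching private key cannot derive the same session key. The relay-list entry format, the choice of X25519 and the key-derivation label are assumptions for the demo.

```python
import hashlib
import secrets
P = 2**255 - 19          # Curve25519 field prime (RFC 7748)
A24 = 121665             # (A - 2) / 4 for the Montgomery ladder

def _cswap(swap, a, b):
    return (b, a) if swap else (a, b)  # demo only: not constant-time

def x25519(scalar: bytes, u: bytes) -> bytes:
    # RFC 7748 X25519: clamp the scalar, then run the Montgomery ladder mod P.
    k = bytearray(scalar); k[0] &= 248; k[31] &= 127; k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3, z2, z3 = *_cswap(swap, x2, x3), *_cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb, c, d = a * a % P, b * b % P, (x3 + z3) % P, (x3 - z3) % P
        e, da, cb = (aa - bb) % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    x2, x3, z2, z3 = *_cswap(swap, x2, x3), *_cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, (9).to_bytes(32, "little"))  # base point u = 9

def session_key(shared, client_eph_pub, relay_pub):
    # Bind the key to both public values; the label is an assumed constant.
    return hashlib.sha256(b"relay-pinned-dh-v0" + shared + client_eph_pub + relay_pub).digest()

def client_handshake(entry):
    # The pubkey pinned in the relay-list entry stands in for the certificate chain.
    eph_priv, eph_pub = keypair()
    return eph_pub, session_key(x25519(eph_priv, entry["pubkey"]), eph_pub, entry["pubkey"])

def relay_handshake(priv, pub, client_eph_pub):
    return session_key(x25519(priv, client_eph_pub), client_eph_pub, pub)

def demo():
    relay_priv, relay_pub = keypair()
    entry = {"host": "relay.example", "pubkey": relay_pub}  # constructed relay-list entry
    eph_pub, k_client = client_handshake(entry)
    k_relay = relay_handshake(relay_priv, relay_pub, eph_pub)
    mitm_priv, mitm_pub = keypair()  # impostor lacking the listed key's private half
    return k_client == k_relay, k_client == relay_handshake(mitm_priv, mitm_pub, eph_pub)
```

`demo()` returns `(True, False)`: the genuine relay derives the client's key, the impostor does not, which is exactly the authentication the pinned pubkey buys without a certificate chain.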