1) In the beginning the whole X.509/PKCS PKI mechanism was seen as something that came out of X.500 and other telco stuff, is centralized, complex and expensive (all of these things are in fact true for the originally envisioned usage) and thus irrelevant for decentralized internet. (for example, the L for "Lightweight" in "LDAP" essentially means that it uses passwords instead of client side certificates)
2) The UX in early SSL capable browsers for client-side certificates was horrible (In Netscape the whole SSL configuration was in completely separate dialog from browser settings, which was incredibly complex. IE uses SSL implementation from windows which is also used for lots of other things and has centralized configuration and also even today creates confusing dialogs when site requests client certificate). It's somewhat ironic that various ActiveX/Java based replacements of this horrible UX are in fact often even more unusable.
What's really sad to me is that SPKI (RFCs 2692 & 2693) addressed centralisation, complexity and cost, and was more-or-less completely ignored. If the browser and server vendors had just supported it, I really think that it could have had a chance.
1) In the beginning the whole X.509/PKCS PKI mechanism was seen as something that came out of X.500 and other telco stuff, is centralized, complex and expensive (all of these things are in fact true for the originally envisioned usage) and thus irrelevant for decentralized internet. (for example, the L for "Lightweight" in "LDAP" essentially means that it uses passwords instead of client side certificates)
2) The UX in early SSL capable browsers for client-side certificates was horrible (In Netscape the whole SSL configuration was in completely separate dialog from browser settings, which was incredibly complex. IE uses SSL implementation from windows which is also used for lots of other things and has centralized configuration and also even today creates confusing dialogs when site requests client certificate). It's somewhat ironic that various ActiveX/Java based replacements of this horrible UX are in fact often even more unusable.