I'm guessing "the CA system" refers to the Web PKI†. Any Public Key Infrastructure has a Certificate Authority role, so attempting to distinguish the Web PKI by the existence of this role makes no sense.
This also makes your next sentence nonsense, anyone advocating for PKI is advocating for a technology that has trusted authorities, that's how it works, it's as though you claimed computer evangelists don't like mathematics because it uses symbol manipulation.
And then it makes your next sentence nonsense, something like Signal isn't a PKI, it has no CA role, who "Janet" is on Signal is only a matter for you and Janet. Signal also isn't purely TOFU, you can insist on manually verifying every identity just as you can on SSH.
But even though I believe the Web PKI is the only successful public PKI there are plenty of other PKIs in use that are successful in a narrower sphere, and we're already in a discussion thread about such a sphere, the global banking system.
† The Web PKI isn't strictly just a PKI for the World Wide Web, it's actually a PKI for TLS services on the Public Internet. But it exists only because Netscape built SSL, and in practice its oversight is from the major browser vendors (most notably Mozilla but of course also Microsoft, Apple and Google). There was once a good chance the only TLS client implementation you had with any useful PKI enforcement was your web browser, today it's likely other tools on your system also do this... but always relying on the Web PKI.
This also makes your next sentence nonsense, anyone advocating for PKI is advocating for a technology that has trusted authorities, that's how it works, it's as though you claimed computer evangelists don't like mathematics because it uses symbol manipulation.
And then it makes your next sentence nonsense, something like Signal isn't a PKI, it has no CA role, who "Janet" is on Signal is only a matter for you and Janet. Signal also isn't purely TOFU, you can insist on manually verifying every identity just as you can on SSH.
But even though I believe the Web PKI is the only successful public PKI there are plenty of other PKIs in use that are successful in a narrower sphere, and we're already in a discussion thread about such a sphere, the global banking system.
† The Web PKI isn't strictly just a PKI for the World Wide Web, it's actually a PKI for TLS services on the Public Internet. But it exists only because Netscape built SSL, and in practice its oversight is from the major browser vendors (most notably Mozilla but of course also Microsoft, Apple and Google). There was once a good chance the only TLS client implementation you had with any useful PKI enforcement was your web browser, today it's likely other tools on your system also do this... but always relying on the Web PKI.