Re: PKIs and trust

Stephen Kent;

I'm having a feeling that you call a set of software/hardware
to handle certs a PKI.

The problem for such a PKI is that, if we have certs based on
existing trust relationships (e.g. I trust that some organization
has the authority to issue passports), we can exchange a shared secret
using the relationships, so that we don't need any public keys.

In principle, yes, but in practice it is preferable to use public keys for a variety of security reasons,

In practice, I see no security reason not to use shared key cryptography. See below about the practice of the cases you choose (passports, frequent traveller cards, etc.)

not to mention the existence of a lot of software that can make use of certs and public keys.

I'm afraid you are saying we should have PKI because we have PKI.


This is what happens in the physical world with most physical credentials: passports, frequent traveller cards, etc.


Our trust relationships in these cases are so strong that we
can be delivered not only PINs (shared secret) but also physical
credentials.


Yes, but it is cheaper to issue credentials in the form of certs and avoid postage and related physical credential costs.

In all (passports and frequent traveller cards) cases, it is required that applicants physically contact authorities.

In Japan, and maybe in other countries, use of material mail is
inevitable to get a passport, because it is the way to confirm the
addresses of applicants.

One can pick up frequent traveller cards, at least paper ones, at
the airport.

Also, PINs are meant to be remembered by users and thus are more vulnerable to guessing than key pairs. So we have to put into place attack monitoring and response schemes, e.g., locking down an account after N bad login attempts, which creates DoS opportunities! So there are many reasons to prefer PKI here, although there are downsides too.

Here, we are talking about physical credentials optionally accompanied by PINs. So, long PINs may be securely stored in the physical credentials (maybe with additional short PINs to activate the physical credentials, which is also the case for devices storing secret keys of public key cryptography). DoS is to steal the physical credentials.

The next question is, are one, two or millions of PKIs worth having?

I don't think they do.


I don't know how many we need. But, when I look in my travel bag I see about 30+ paper and plastic credentials, all of which could be turned into certs under the right circumstances, without creating new "trusted" organizations,

I think we can, at least, agree that we need no "new trusted organizations" or commercial CAs.

and with the benefit of greater security and less bulk (bits are thin and light weight!).

That you have paper and plastic credentials means that you don't need much security.

That you have an IC card containing 30+ secret keys activated with
a short PIN does not mean so much security. What do you think about
an IC card that erases all the secret information after N bad PINs, which
creates DoS opportunities?

Masataka Ohta



