Comment by xorcist

Not really. PKI has always been that way since before the web. Mainly because the use cases are so varied and it there is the tendency to support every possibility under the sun.

For the longest time the web PKI lacked a singular view on what exactly they were supposed to be signing. Its usage reflects that.

That is deeply rooted in culture. I mean, we do speak about a culture in which X.509 was a reasonable choice. Years after the X.500 universe was cold to the touch at that.

The rest of your comment seems directed at someone else. Framing this on automation is misleading, which is what the examples in my comment were intended to show.