I propose that a group known as the "IRCv3 Security Council" is created.
This group is a separate part of the IRCv3 effort, will have their own section on the website just as the IRCv3 Working Group page is being split off from the landing page, and for most intents and purposes act independently of the IRCv3 Working Group.
Rationale: The traditional CA model has, widely, not worked with IRC today. Large portions of IRC networks out there today use self-signed certificates, and disabling certificate verification or otherwise working around the certificates not validating using traditional methods is fairly common.
This proposal would allow the creation of certificate bundles and revocation lists controlled by the IRCv3 Security Council, which when used by clients (instead of the traditional CA roots provided by operating systems) should solve the majority of these issues for IRC users and network operators.