> You get both regular certificate pinning (like what SSH uses now) AND full certificate authority chains (if you want).

It doesn't do full chains, but SSH does have certificate authorities. I agree that the lack of intermediate CAs is a limitation (a CA can only sign a leaf node public key directly), but it's still super useful.