For one, the IETF already has a JOSE working group. This working group doesn't see it necessary to have a competing standard, and will stonewall any effort within the IETF to make a competing design. Dealing with their gatekeeping and tut-tutting over "why make a new design instead of just ironing out the deficits of JOSE?" is a full time job.
For the past few years, I've also not been able to email any IETF mailing list without Legal's permission from my employer. This is due to how broadly the IETF interprets "IP contribution". It was so stupid that I had to harass our IP lawyer for 2 weeks (in conjunction with a Sr. Principal Engineer who was deeply confused why they wouldn't even respond to my tickets, emails, or Slack messages) to get them to let me send an email to the COSE working group mailing list to inform them of a security footgun that was being proposed: https://mailarchive.ietf.org/arch/msg/cose/k6VnQkSNgyD1TsCMQ...
The permission I finally eeked out of Legal was only to send that initial message and nothing else, so Google's Sophie Schmieg had to fill in the blanks when they responded with questions: https://mailarchive.ietf.org/arch/msg/cose/BPKWnJraRblWEC9nu...
There are no technical reasons why there cannot be a PASETO RFC, or a PASERK RFC. The only objections are political or (from Amazon's side) very stupid.
I'm likely to be fired soon for refusing to relocate in accordance with Andy "Jasshole" Jassy's top-down RTT mandate, so I don't feel any incentive to hold my tongue on this matter.
I've personally given up on the IETF, and will instead be contributing PASETO and PASERK to the C2SP initiative, which I believe is more suitable for cryptographic specifications.
Yeah, JWTs suck.
However, you are asking people to believe claims about a crypto specification when nobody is willing to do the work to make it an IETF RFC?
That rings all kinds of alarm bells.