I think most countries can't solve the authenticity/signing problem until they admit that a central trust/PKI database is basically a requirement. Some countries vehemently seem to oppose such systems and will do so for a long long while, for a good reason with all these real issues without? We don't know yet.
There is at least some hope for EU citizens, that they wouldn't have to worry about these authorization/identity issues, because the entire European Union just recently created the legislative framework required for solving this problem in the entire EU. With national trust/PKI services there isn't any need to resort to insecure ancient methods (phone calls, fax) that can be spoofed or intercepted, with increasing simplicity. It is somewhat sad how long it has taken, nearly 20 years later the EU is following Estonia's practice/example! I might be biased about how good such systems are as an Estonian, but it isn't bias speaking that the system seems to work - issues like identity theft and account takeovers generally don't exist here. The fact that we have to specifically teach people how to use mostly foreign services safely, because none of them can provide really secure authentication and identification together, says quite a lot about the differences.
There is at least some hope for EU citizens, that they wouldn't have to worry about these authorization/identity issues, because the entire European Union just recently created the legislative framework required for solving this problem in the entire EU. With national trust/PKI services there isn't any need to resort to insecure ancient methods (phone calls, fax) that can be spoofed or intercepted, with increasing simplicity. It is somewhat sad how long it has taken, nearly 20 years later the EU is following Estonia's practice/example! I might be biased about how good such systems are as an Estonian, but it isn't bias speaking that the system seems to work - issues like identity theft and account takeovers generally don't exist here. The fact that we have to specifically teach people how to use mostly foreign services safely, because none of them can provide really secure authentication and identification together, says quite a lot about the differences.