“If you can tell me a good reason to require the public keys to be signed by the govt (or anyone else) I’d love to hear it.”
Who is going to be the issuing authority in this scenario? The government is. The government would be signing and issuing citizen IDs, using their private key. They will also use it to provide authentication and non-repudiation of citizens’ keys. (Someone is going to need to validate the keys when a citizen attempts to authenticate with it.)
Once the private key of the government authority server is compromised, the entire system collapses. Anyone would then be able to issue citizen identifiers. The .gov would have no choice but to revoke all previously issued citizen IDs, and we start from scratch.
My last post on this, because you’re just not getting it.