by solardev 439 days ago
It depends a lot on the government in question too. In the US very few people would trust the government to handle something like this. The certificate authority system is run by big tech companies and nonprofits, for example, not the government.

Trusting the government as a peer makes sense for government sites, but for anything else, it just makes censorship way too easy.

Even among businesses, we normally trust the middleman (the credit card issuer, and their protections and chargebacks) over the government. If a business screws over a regular consumer, the government isn't really going to do anything.

Maybe you have a more civilized society and functional government where you live. We don't.

1 comments

You've just listed out a bunch of alternate trust roots which, with appropriate infrastructure, could also easily provide practically secured E2E communications which would be adequate for real world use.

The point isn't "trust the government"; the point is trust is contextual, and the notion of "key signing parties" always missed it (and if you actually go and read up on the concept, government ID documents were considered to be something to ground whether a signature should be issued by someone, so it was already baked into the system anyway).

Well, I think that's actually the point, no? This was never a technical challenge (not for a few decades, anyway), but a question of which authority to trust.

Companies rolled their own out of a commercial need. The FOSS community didn't trust the government or big companies so never fully solved the problem. Users just don't care.