If users could be trusted to maintain a key pair (PGP), then we wouldn't need to use email to do authentication.