"Eventually" may be decades.
Digital signatures have long been one of my interests. Around 1990 I even tried to get digital signatures into the "trn" newsreader. Unfortunately, there have been three major problems:
Fortunately, the RSA encryption/signature patent expired in September 2000. The DSA algorithm is patented in other countries, and is disputed in the US.
This was the biggest problem for most of the 1990s. I managed to get permission from RSA to use a signature library, but because of US export regulations I could only distribute it as a binary file for a few supported architectures. (This was not acceptable.) Almost all the US barriers were removed in the last year. Most of the world seems likely to remove these barriers.
This is perhaps the killer problem. The most likely solution seems to be a credit-card sized smart-card which performs the cryptography/signatures within the card. The likely functions of the card may include:
Software-only solutions are usually insecure given the lousy security habits of most people. Still, for low-value transactions (like validating dialup passwords or forum users), they can be better than short passwords (which are often saved in cleartext on the PC anyway). --CliffordAdams
Turns out the most likely solution is to ask Microsoft very nicely to put your (the CertificateAuthority's) SymmetricKey--the TrustAnchor?--into their browser. This generally turns out to be VeriSign in practice. And I guess NetScape. Who?