Yes. DNSSEC. Because what we need is a trusted arbiter, and who better to fulfill that role than the governments of the US, or whatever country happens to own the TLD I use?
Well, it's at least better than X500. With DNSSEC you only have to trust one government, not all of them.
And you can also get more than one domain, in more than one TLD. Not very practical for automatic verification, but for surviving a manual verification several governments would have to collude against you.
I still think that there must be something better. But I'm probably not good enough to create it.
