Digitally signing papers

Sorry, my question wasn’t very well worded. I’m pretty convinced that you’re right, the orcid is the solution, but…
Say I take some little-known but solid researcher (maybe without an ORCiD), make an ORCiD under their name, copy their publications into the Works page.

If editors are, in practice, sufficiently unscrupulous to miss a forged email address, it hardly seems like, in practice, they’ll catch this forged ORCiD account. Certainly it’ll be caught by others later, after publication, but the damage to the literature is already done.

Maybe this is just an xy problem, the real solution is better editorial processes, but authenticating a cert seems like an easy thing to automate, since it’s done cons…
(see full text)
Of course I could take my ORCiD to someone and get them to write a letter saying that, yes, “88292-” is that “Pete Thornton at Phoenix”, but that seems like the whole point of a certificate authority or OpenPGP’s web of trust.
ORCiD doesn’t have a person in the loop verifying a government ID, which is what a CA or signing party is supposed to do.