
The best part is that the US Government already did this -- it runs the second largest PKI. Second only to the Internet. It has issued more than 20 million certificates to individuals.


That's the part you don't want them to do though. Centralized PKI is bad for privacy and creates a single point of compromise. You don't want this, but for the whole population:

https://en.wikipedia.org/wiki/Office_of_Personnel_Management...

What you want is some well-reviewed code that a bank or utility company can "apt install" onto their server and get secure decentralized web authentication working in five minutes instead of leaving them to create some custom in-house contraption designed by a rotating committee of middle managers.

And they should really endeavor to break that PKI thing into smaller, independent, less centralized pieces. It's way too big as it is. There appears to be something called "Symantec" between "Federal Bridge" and "US Senate" and then another "Symantec" between "Federal Bridge" and "Naval Reactors" -- that doesn't seem great.




