PKI can authenticate a message to a key, but can't resolve human name to a key unless it'll be highly centralized, well moderated and not cancellable. Maybe if a user just couldn't choose the ID at all, that could destroy the motive to spoof an ID, and solve the problem?