The problem with that, of course, is that someone's DNA or fingerprint isn't a secret. There's no reason why I couldn't take your fingerprint, embed it into a signature and claim to be you.
And this is part of why authentication and identity are very difficult things to do right, mostly because very few people have thought about what it is they're verifying.
If I publish a public key and say it belongs to me, 'Bob Smith', the only practical use that has is that you can verify that a future message signed by 'Bob Smith' was signed by someone with access to the same private key as the guy who originally published the public key. Any assumption about who 'Bob Smith' actually is, and who that corresponds to in the real world (what other identities do they assert), and also that 'Bob Smith' is a single entity, are simply assumptions.
It's impossible to pin a human down to a single, guaranteed verifiable, non impersonatable and non revocable identity. 'Documents issued by men with guns' isn't foolproof, but we use it as a trust anchor mostly because everyone else does, and we don't have much alternative.
The thing about a fingerprint or even a dna sample, in this use case is that you send your signature ahead of time and verify yourself phyisically at the party. Does your fingerprint hash match your fingerprint? That is more difficult (but not impossible) to spoof. At the end of the day, this discussion stems from notion that government ids are unreliable as a means of verification. Granted, but for what we are trying to achieve in practice is preservation of privacy and data. I was trying to point out that identification of a person - true identification - can be at conflict with our ultimate goal of privacy, since we have to give up a piece of data to prove we are who we say we are, and contemplated finding a way to technically make it happen (in practice) without sacrificing PII.
I see what you mean - you could probably do something like publish your public key and then publish a signed copy of your fingerprint hash. Anyone else could do the same thing, but an imposter wouldn't be able to convincingly produce your fingerprint on demand when physically present. At least, not without a lot of funding and cleverness.
And this is part of why authentication and identity are very difficult things to do right, mostly because very few people have thought about what it is they're verifying.
If I publish a public key and say it belongs to me, 'Bob Smith', the only practical use that has is that you can verify that a future message signed by 'Bob Smith' was signed by someone with access to the same private key as the guy who originally published the public key. Any assumption about who 'Bob Smith' actually is, and who that corresponds to in the real world (what other identities do they assert), and also that 'Bob Smith' is a single entity, are simply assumptions.
It's impossible to pin a human down to a single, guaranteed verifiable, non impersonatable and non revocable identity. 'Documents issued by men with guns' isn't foolproof, but we use it as a trust anchor mostly because everyone else does, and we don't have much alternative.