There are a lot of people who're totally infatuated with the idea of per-user DK-or-similar. To such people, my usual question is "do we need to stop working on domain-level signing while you figure out how to do user-level signing?"

To me, it's ye olde 80/20 cliche. Well over 80% of the problem (FMVO "problem") can be alleviated by domain signing. The rest may require user signing, but that has an infinitely greater number of edge cases and thus will take a much longer time to design and implement.