While I'm admittedly not an expert in cryptography or trusted computing schemes in general, I don't see how this differs on a technical level from numerous other code-signing schemes with a central certificate authority (CA) (and its chain of delegations) blessing "good" code and revoking such blessings. Well-known examples include Securicode / Windows Driver Signing, the anti-consumer bits of UEFI, etc. Can anyone shed some further light on how this is different?
As with other such systems, it assumes the existence of a benevolent authority that cannot be hacked, the cooperation of all packer vendors, the cooperation of all packer *users* (who are not malware authors)... and all packer users who *are* malware authors never hearing of it.
The only main difference I can see (and its potential downfall for its purpose) is that end-users don't pay for certificates. While that's great for end-users (driver signature enforcement in x64 Windows versions is pretty close to extortion IMO), this seems to break down for any packers that are not a licensed commercial product where an explicit, one-on-one packer-vendor to packer-user relationship exists. This excludes any freeware and open-source packers*, where any schmuck can just download and run it (and even modify it) without key exchanges or other communication with its author.
Conversely, if any old schmuck can obtain a fresh signature at any time ("it's free!"), what's to stop any old schmuck from doing exactly that? The stipulations that the system is free to both end-users and packer vendors, bankrolled entirely by A/V vendors out of the goodness of their hearts, suggest any background-checking that occurs as a condition of generating a signature can't be very exhaustive.
* While the IEEE materials refer to the proof-of-concept running on "a modified version of UPX", a well-known F/OSS packer, this almost certainly has to do with the ability to quickly bodge this feature in due to easy source code access, and very little to do with whether the actual author of UPX is complicit in or aware of the system, or whether this scenario can possibly work in the real world for open-source packers with anonymous downloads.