I'm afraid I'm not too good in the cryptography.
When (or if) the public keys used to produce valid GMA certificates are made available, we'll surely can use them.

But if you mean to change the RSA key in the firmware itself, then this requires the patching anyway.
And the current JNX loader patching gives us more flexible solution, because it allows loading of both "official" JNX (created in BaseCamp for the activated devices), and of the hand-made ones, independetly of their signatures, CRCs etc.