Brad Ideas: Crazy ideas, inventions, essays and links from Brad Templeton
As far as I am aware, the only authentication mechanism(s) implemented in browsers that are remotely comparable to digital signatures are CRAM mechanisms, which use a "hashed message authentication code" (HMAC) algorithm. In these mechanisms, the server sends a one-time "nonce" to the client, which is then hashed together with the password (in a couple of slightly different ways) and sent back to the server. The server does the same and compares the two. If they are the same, the passwords matched.
To let this work, the server needs to either store the plain text of the password, or it needs to store the internal state of the hash algorithm after hashing the password. The trick here is that there exists both CRAM-MD5, and CRAM-SHA1 (and probably others), and the hashed password for one won't work for the other. So by storing only the hashed password, you either limit the site to one CRAM mechanism, or require the use of plain text passwords over the wire.
The ideal, as you point out, would be the use of true digital signatures, using either RSA, DSA, or elliptical curves, or whatever. These would require the storage on the server of only authentication data that is otherwise publicly available, and yet remain unspoofable.
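
The exchange described in the comment above, as an added example that is not part of the original comment: a server keeps only a pre-keyed HMAC state for one digest, answers challenges from it, and cannot verify a response computed with a different digest. The function names and the sample password are assumptions, and the message layout is simplified (real CRAM-MD5 uses a message-id style challenge and prefixes the username to the response).

```python
import hmac
import secrets


def enroll(password: bytes, digest: str) -> hmac.HMAC:
    """Enrollment: keep a pre-keyed HMAC object instead of the password.

    The object holds the hash's internal state after absorbing the padded
    key, so it is bound to exactly one digest algorithm.
    """
    return hmac.new(password, digestmod=digest)


def client_response(password: bytes, nonce: bytes, digest: str) -> str:
    """Client: HMAC the server's nonce, using the password as the key."""
    return hmac.new(password, nonce, digest).hexdigest()


def server_verify(stored: hmac.HMAC, nonce: bytes, response: str) -> bool:
    """Server: resume from the stored state, absorb the nonce, compare."""
    mac = stored.copy()  # leave the enrolled state untouched for next login
    mac.update(nonce)
    return hmac.compare_digest(mac.hexdigest(), response)


def demo() -> dict:
    password = b"correct horse battery staple"  # constructed sample value
    stored_md5 = enroll(password, "md5")        # all the server retains
    nonce = secrets.token_bytes(16)             # one-time challenge
    return {
        # Same digest on both sides: the response verifies.
        "md5_client": server_verify(
            stored_md5, nonce, client_response(password, nonce, "md5")),
        # Client uses SHA-1: the MD5 state cannot reproduce the response.
        "sha1_client": server_verify(
            stored_md5, nonce, client_response(password, nonce, "sha1")),
        # Wrong password with the right digest is rejected.
        "wrong_password": server_verify(
            stored_md5, nonce, client_response(b"guess", nonce, "md5")),
    }


if __name__ == "__main__":
    print(demo())
```

Supporting a second CRAM mechanism means enrolling a second state per user while the password is still available, which is the limitation the comment points to.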