Carl,
A lot of work has been done, espevially by David Chaum, on the
concept of anonymous, electronic monetary systems (see articles in
CACM in the early 80s and more recently in Scientific American).
However, there are many circumstances where certification of the form
described in X.509 and used in PEM, X.400, X.500, and DEC's
distributed system security architecture (just to name a few) is
appropriate. I think Peter's question was about alternative
structures available for certification systems of the sort cited here,
rather than a question of whether there were public key applications
that could live without this sort of structure.
Steve
P.S. Dave Chaum's work still involves certification of a sort, but it
introduces indirection intended to avoid the unwanted binding of names
to money.