Phil,
Since a user can mark an entity as a trusted introducer, PGP
embodies transitive trust, though you accurately note that this is
different from uncontrolled or unbounded transitive trust. Nonetheless,
the resulting certification mesh that arises strikes me as very hard for
users to manage as it grows. The US is a nation of people who cannot
program their own VCRs (giving rise to VCRPlus as a profitable company).
This casts doubt on the ability of most folks to intelligently manage
the certification graph that will arise from any extended use of PGP for
communication with a large number of people.

By the way, the characterization of PEM as a "Government standard
public key management scheme ..." is a surprising view of the Internet
certification hierarchy, especially in light of the U.S. Government's
promotion of the DSA and KEA algorithms.
Steve