Well, yeah, we should use preexisting standards and OpenPGP would be perfectly fine here and is probably the best choice. That is a wheel we do not need to reinvent. But the actual system used to do the signatures and keep track of the reputation is the last thing we should be thinking about at this point. We should instead concentrate on how to create a system that the majority of people can use and understand. We should be concentrating on standardizing concepts...
Right, that is my point. I feel like there is a fundamental lack of understanding in the vast majority of the population about trust. We haven't helped by telling people "you can trust the little green padlock". Nobody asks "why should I trust it?" That is the problem. It really doesn't matter what technology we provide; so far none of it is really used by regular people to establish trust.
The other option, of course, is to design a trustless system, like Bitcoin, but that has its own problems.