With the announcement of public key crypto and especially practical PK crypto I shared the widespread euphoria that crypto had been made easier. Now, decades later, we seem plagued with problems of PKI (Public Key Infrastructure). Have things really gotten better?

I want to argue that they have indeed gotten much better and that you must be careful to note the vantage points from which you survey the problems to make this judgment.

Before PK crypto, symmetric key distribution was easy to understand and hard to do. Keys were transported physically ahead of need, in ways that would reveal whether they had been copied, or they were conveyed through more secure channels, in those few cases where such channels existed. In cases of introduction, the introducer could convey a new key through whatever presumably secure channels already existed. The introducer would also know the new key, and so could read or forge everything later protected by it.

You have learned about X through several sources. You compare what you have heard about X and decide that you want to communicate with X. If the name by which you learn of X is his public key, or its fingerprint, then you can be confident that messages encrypted to that public key will be decrypted only by the holder of the corresponding private key. If the person who earned this reputation has also guarded that private key, then public key crypto has done something that known symmetric key protocols could not have done: none of the sources who introduced you ever held a secret that lets them read your traffic. To deceive you, the various sources from whom you heard of X would all have had to collude and furnish the same bogus key fingerprint. If they wish to collude, they may as well have invented X and his key. This is a failure of the reputation system, not of crypto.

Note that the above scenario requires no CAs, PKI nor “key signing”. I discriminate between introducers and CAs in that an introducer tells you about the person and why you might need to communicate with him, whereas a CA only connects the “distinguished name” to the public key.
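The scenario of the last two paragraphs, as an added example that is not part of the original essay: several sources introduce X by fingerprint, you accept the name only if they agree, and you encrypt to the key only after checking it really carries that name. No CA, PKI or key signing appears. It uses only the Go standard library. The convention that a key's name is the hex SHA-256 of its DER (PKIX) encoding, the source names Alice, Bob and Carol, the impostor Mallory, and the reasons given for the introductions are all constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Fingerprint names a public key by the hex SHA-256 of its DER (PKIX)
// encoding. Assumption for this example: that hash is the "name" under
// which X is known; any fixed, collision-resistant encoding would do.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

// Introduction is what one source tells you: X's name (the fingerprint)
// and why you might want to talk to X. Nobody signs anything here.
type Introduction struct {
	Source, Fingerprint, Why string
}

// Corroborate accepts a fingerprint only if every independent source
// reported the same one. Disagreement means at least one source is wrong
// or lying. If they all lie in concert this check cannot tell, which is
// the reputation-system failure the essay describes, not a crypto failure.
func Corroborate(intros []Introduction) (string, error) {
	if len(intros) == 0 {
		return "", errors.New("no introductions")
	}
	name := intros[0].Fingerprint
	for _, in := range intros[1:] {
		if in.Fingerprint != name {
			return "", fmt.Errorf("sources disagree: %s says %s, %s says %s",
				intros[0].Source, name, in.Source, in.Fingerprint)
		}
	}
	return name, nil
}

// EncryptTo encrypts msg to pub after checking that pub really is the key
// named by the fingerprint you were introduced to. The key is the name,
// so a substituted key is rejected before any ciphertext exists.
func EncryptTo(pub *rsa.PublicKey, name string, msg []byte) ([]byte, error) {
	fp, err := Fingerprint(pub)
	if err != nil {
		return nil, err
	}
	if fp != name {
		return nil, fmt.Errorf("key fingerprint %s is not the introduced name %s", fp, name)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt succeeds only for the holder of the matching private key.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	x, _ := rsa.GenerateKey(rand.Reader, 2048)       // X's key pair
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048) // an impostor's
	nameX, _ := Fingerprint(&x.PublicKey)
	nameM, _ := Fingerprint(&mallory.PublicKey)

	// Three sources (constructed) have each heard of X and pass on the name.
	honest := []Introduction{
		{"Alice", nameX, "X reviews kernel patches"},
		{"Bob", nameX, "X ran last year's audit"},
		{"Carol", nameX, "X maintains the build farm"},
	}
	name, err := Corroborate(honest)
	fmt.Println("agreed name:", name, err)

	// Mallory hands you her key claiming to be X: refused, the name does not match.
	_, err = EncryptTo(&mallory.PublicKey, name, []byte("hi X"))
	fmt.Println("substituted key:", err)

	// The real key: encrypt, and only X can read the result.
	ct, _ := EncryptTo(&x.PublicKey, name, []byte("hi X"))
	pt, _ := Decrypt(x, ct)
	_, errM := Decrypt(mallory, ct)
	fmt.Printf("X reads %q; Mallory gets error: %v\n", pt, errM)

	// One corrupted source is caught; three colluding sources are not.
	_, err = Corroborate(append(honest[:2:2], Introduction{"Carol", nameM, "X maintains the build farm"}))
	fmt.Println("one bad source:", err)
	_, err = Corroborate([]Introduction{{"Alice", nameM, ""}, {"Bob", nameM, ""}, {"Carol", nameM, ""}})
	fmt.Println("all colluding, bogus name accepted:", err == nil)
}
```

The last two calls in main are the essay's point in miniature: a single lying source is exposed by the others, but if every source you trust agrees on Mallory's fingerprint, the crypto still works perfectly and you are still talking to the wrong person. Nothing in the key check can repair that; only the quality of your sources can.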

Until introducers think to convey fingerprints along with their recommendations, CAs will serve a purpose. Enterprise CAs may well set enterprise security policies.

I was skeptical of any useful kind of global name until the practical public keys were invented. The public key is it.