Why is X.509 so grim?

I've been intending to assemble some notes about the way I've been using an OpenSSL install to knock off some certification requirements. I was going to start with a round-up of the ways that X.509 was needlessly confusing, redundant and bizarre. And I was going to say that large-scale, public, multi-party PKIs are wrong-headed and dangerous.

There's still room for the OpenSSL cookbook -- I'll do that. For such a long-lived product, the documentation just doesn't say what a typical newbie user will want to know. And there's room for me to come clean (if no-one else will) and say that the worst initial obstacle was that I got confused with OpenSSH!

But the rest has been done a long time ago. I wish I'd found it earlier. It's sufficient to say:

• X.509 PKI solves the wrong problem. It's not you. It really is too hard to get right.
• The semantics of the trust and reliance which X.509 attempts to create between unrelated parties are much more tricky than they look, do not address vital issues like counterparties' management of private keys and do not correspond with the ordinary requirements of law and regulation
• X.509 PKI only makes sense between parties who have a pre-existing legal structure (perhaps they're part of the same organisation), and have a means to deal with cancelling authorisation that does not depend on certificate revocation

Why? Witness Peter Gutman's PKI Introduction. And while you're at it, check out his other stuff too. I found the Encryption and Security Tutorial was particularly helpful.