x.509 is intended to associate a non human readable public key with a human readable globally unique user name. You hope to associate a reputation with that globally unique user name. x.509 does not actually work, as the phishers routinely demonstrate. People are used to logging into their bank, and getting slung from one certificate to the next, none of the certificates having much resemblance to the name of their bank. Further, the process of getting and installing an x.509 public key is too horrid for the ordinary end user to deal with. Use zooko's triangle. Associate reputation with a public key, and present to the user not the public key, but the account of the owner of that public key on the reputation server that curates the reputational information.