Re: I think the real reason PGP succeeded...
> Actually you're paying for the private key and the certificate that encapsulates the public key which is signed by another key or by the private key. But for brevity I said key.
No! You should be generating the keyset (public and private keys) yourself and keeping the private key securely where nobody else gets to see it. It really is supposed to be private. What you may have to pay for is the certificate, which depends only on the public key.
> And as far as trust goes, there would be nothing stopping a CA from selling its services and signing a PGP key just like they do now for certs.
Quite so ... though PGP's concept of a Web of Trust rather suggests a community in which members sign each other's keys for the common good. Methinks a paid-for signing scheme would not fit well into that philosophy.
It's important to appreciate that the difference between PGP and a PKI is as much to do with philosophy as with the difference in software and data formats. You can build a PKI around PGP, just as you can use self-signed X.509 certificates to form a Web of Trust -- but why would you?
> So now CAs are the problem ...
The problem isn't CAs. The problem is that most people don't understand that unsigned EMail could have come from anyone, and don't understand that unencrypted EMail could be read by anyone ... and don't understand that there is something that they could do about it. The issue needs to achieve more public recognition, and security needs to become accepted as a commonplace part of doing business online.