The infrastruture required to verify that some user is who they say they are, either by PGP's WebOfTrust or a centralized certification infrastructure provided by a CertificationAuthority (or several). Also known as a PKI.
There are many parts to the infrastruture:
- interoperability standards (X509, OpenPGP, LDAP, etc.) so that different products can work together
- software (for KeyServers, TimeStampServers, RobotCAs, crypto-aware MailClients such as Mutt, PINE, EnigMail etc.)
- the servers running the software
- actual content created and exchanged by users and servers (the PublicKeys and the WebOfTrust's signatures)
- social structure to support the software and content (KeySigningParties, etc.), which is very often symbiotic with other social structures, often including LUGs.
The security of the PublicKeyInfrastructure is not uniform and for many of the players issues such as ease of use, price and reliability are much more important.