Heartbleed and X.509 are basically unrelated aren't they?
The OpenSSL bug that allows heartbleed is nothing at all to do with the (many) flaws in the public trust system.
The fundamental problem here (as I see it) is that you're trying to set up trust between parties that have no existing relationship. This requires third parties and externalised trust whether you use a CA or a P2P net.
Either way, it's nothing much to do with heartbleed, which would have leaked the keys to the kingdom under either model.
The OpenSSL bug that allows heartbleed is nothing at all to do with the (many) flaws in the public trust system.
The fundamental problem here (as I see it) is that you're trying to set up trust between parties that have no existing relationship. This requires third parties and externalised trust whether you use a CA or a P2P net.
Either way, it's nothing much to do with heartbleed, which would have leaked the keys to the kingdom under either model.