One thing that I found out when I started using PGP: when I uploaded my keys to the SKS keyserver, the keyserver did not take any action to verify that I am who I claim to be.
Since a PGP key contains an email address, at least, the keyserver could have sent an email with a link inside that must be clicked for the key to become live on the keyserver. Then you at least know that the person who uploaded the PGP key does at least control the email address he claims to own.
Why don't PGP keyservers verify the ownership of the claimed email account?
Yes, I do understand the web of trust system, but doing a simple automated "Click this link to make your key go live on the key servers" would at least require any impostor to have access to the email account, and such a system could be implemented on keyservers with only a few lines of code.
Another thing I don't know is how people verify others' claimed email addresses at key signing parties. At key signing parties, people show their ID card. But there are no email addresses on the ID card. Yes, today with the smartphone evolution, you could send an email to the claimed email address and ask the other person to read it out loud, but how did people do it at KSPs when smartphones were not a big thing and you didn't have access to the email account at the moment at the KSP? Especially with email accounts that are behind firewalls, e.g. corporate or ISP accounts that can only be used inside the authorized network?
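
The confirmation-link check proposed in the question, sketched as an added example; it is not part of the original post and is not code from SKS or any keyserver project. The server secret, token lifetime, token layout and all function names are assumptions made for illustration, and a valid token shows only that someone could read the mailbox, not who that person is.

```python
import base64, hashlib, hmac, json

SERVER_SECRET = b"constructed-demo-secret"  # assumption: random per-server key
TOKEN_LIFETIME = 24 * 3600                  # assumption: links expire after one day
PUBLISHED = {}                              # fingerprint -> confirmed email addresses

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(fingerprint: str, email: str, now: float) -> str:
    """Value placed in the emailed link; binds key, address and expiry together."""
    payload = json.dumps({"fpr": fingerprint.upper(), "email": email.lower(),
                          "exp": int(now) + TOKEN_LIFETIME}, sort_keys=True).encode()
    tag = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

def verify_token(token: str, now: float):
    """Return (fingerprint, email) for an authentic, unexpired token, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
        expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
        # Constant-time comparison, done before the payload is parsed or trusted.
        if not hmac.compare_digest(tag, expected):
            return None
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if now > claims["exp"]:
        return None
    return claims["fpr"], claims["email"]

def confirm(token: str, now: float) -> bool:
    """Publish the address for the key only after the emailed link is presented."""
    result = verify_token(token, now)
    if result is None:
        return False
    fpr, email = result
    PUBLISHED.setdefault(fpr, set()).add(email)
    return True
```
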