NiGHTSFTP: Yes, filtering by trusted keys is exactly the way to address the problem I mentioned (malicious ratings). And sharing key databases with others you trust is also a good idea. PGP lets you do stuff like this (with key rings) and the Advogato trust network offers another approach to the same idea (see YotamAviv's earlier post about one-of-us.org).
Using a p2p storage system to store keys and ratings (more generally, certificates) also works well, since it avoids the need for a centralized or hierarchical storage system like DNS. In fact, my research is looking at just such a system.
One challenge with storing ratings as files on Gnutella is that Gnutella lookups are notoriously unreliable. That is, unless a piece of content is very popular, there's a good chance you won't find it. Therefore, it might be hard to find the ratings from people you trust, even if they exist.