On Sep 6, 2013, at 10:35 PM, Melinda Shore <melinda.shore@xxxxxxxxx> wrote: > I actually don't think that pgp is likely to be particularly > useful as a "serious" trust mechanism, mostly because of > issues like this. It's not at all clear to me that "serious" trust mechanisms should be digital at all. Be that as it may, we have an existence proof that a web of trust is useful—Facebook, G+ and LinkedIn all operate on a web of trust model, and it works well, and, privacy issues aside, adds a lot of value. IETF uses an informal web of trust, and it works well. Most open source projects use informal webs of trust, and they work well. PGP signing for software distribution works well. What these mechanisms are not is a web of trust that you could use to authenticate a real estate transaction. You shouldn't accept them as signatures on legal contracts. You shouldn't use them to transfer large sums of money to strangers. But they are definitely useful.