ietf-openpgp

Re: Status of RFC2440

2004-10-21 07:32:50

Hironobu,

Just some comments, while the list is quiet and
awaiting the "last call!"

You seem to be grasping on a definition of trust.

OpenPGP does not define what the meaning of signatures
from one user's key to another is.  That is, if I sign
your key, there is no meaning defined by the tech to
what my signature should convey.

That's because it is too difficult to do at that level.

x.509/CA technologies try to do just that: define trust,
and they fail miserably.  They fail at defining trust
for many many reasons, chief amongst which is that
trust is a human quality that defies categorisation
in bits and bytes.

So in actuality your comments apply more to the x.509
and CA model:  they are not effective for trust.
They push something they call "trust" but its only
relationship with the word we humans share is its
spelling.

Now recast to RFC2440 / OpenPGP.  This technology is
totally neutral to trust.  It is neither effective nor
ineffective - it simply doesn't define that.  What it
does do is provide a linking capability - from key to
key - which is ideally aligned and suitable for mapping
human, social and commerce patterns.

(So, the web of trust is misnamed.  It should be the
web of links, or the web of relationships, or similar
neutral terms.)

Which is to say, if you have a vision of trust, you
can build it in RFC2440.  You won't be able to build
it in x.509, because they already cast their "trust"
in concrete and got it wrong.

But, that's up to you - RFC2440 awaits your notions.
Build and see if it works.  I would however suggest
that you not rely on the word "trust."  That's a word
that belongs in each and every person's head, not in
tech.

iang

