On Sep 6, 2013, at 10:35 PM, Melinda Shore
<melinda(_dot_)shore(_at_)gmail(_dot_)com> wrote:
I actually don't think that pgp is likely to be particularly
useful as a "serious" trust mechanism, mostly because of
issues like this.
It's not at all clear to me that "serious" trust mechanisms should be digital
at all. Be that as it may, we have an existence proof that a web of trust is
useful—Facebook, G+ and LinkedIn all operate on a web of trust model, and it
works well, and, privacy issues aside, adds a lot of value. IETF uses an
informal web of trust, and it works well. Most open source projects use
informal webs of trust, and they work well. PGP signing for software
distribution works well.
What these mechanisms are not is a web of trust that you could use to
authenticate a real estate transaction. You shouldn't accept them as
signatures on legal contracts. You shouldn't use them to transfer large sums
of money to strangers. But they are definitely useful.