
Hello, OpenPGP CA

77 points | nwalfield | 4 years ago | sequoia-pgp.org

11 comments

lapinot | 4 years ago
This makes so much sense since every identity exists in the context of some authority, some common referential. You're never completely alone as the pgp-classic web of trust implies; instead you're trusting some centrally managed keys like your distro's package signers, which you always blindly accept. The problem is we rarely sign keys as introducers (and rightfully so) since being a CA is a big responsibility. CAs are not real persons. We should probably trust a handful of public CAs with well-defined scopes (some private network, some org), a couple of smaller private groups and the exceptional direct trust for the closest friends we interact with daily.

Looking forward to using this. Although in my case the source of truth wouldn't be OpenPGP keys but perhaps WireGuard keys to our VPN or maybe OMEMO or SSH keys.

viraptor | 4 years ago
In practice the public CAs didn't quite work out. www.cacert.org tried it, and was interesting, but didn't work out in the end. Especially now it's a bit of a joke, with the login page on HTTP and the website certificate not being cross-signed, so you have to accept them explicitly.
upofadown | 4 years ago
I really like the term "Scoped Trust Signatures" and will steal it. An informative way to describe that mostly unknown and underappreciated OpenPGP feature.
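The "scoped trust signatures" named above (and the CAs "with well-defined scopes" in the first comment) are RFC 4880 trust signatures carrying a regular-expression subpacket that limits which User IDs the introducer may vouch for. The following added example, not code from the thread or from Sequoia/OpenPGP CA, is a small constructed model of how such scopes, trust depth and trust amounts combine when authenticating a User ID; the key names and certifications are invented, and `domain_scope` reproduces the regex GnuPG attaches when a tsig is restricted to one domain.

```python
import re
from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed model of OpenPGP trust signatures (tsigs); not a real OpenPGP parser.

@dataclass(frozen=True)
class TrustSig:
    """A trust signature (RFC 4880 5.2.3.13/5.2.3.14) reduced to what the model needs."""
    issuer: str           # key that vouches, e.g. the organisation's CA key
    target: str           # key being delegated to as a trusted introducer
    depth: int            # 1 = may certify end keys, 2 = may also appoint introducers
    amount: int           # 120 = full trust, 60 = marginal
    regex: Optional[str]  # scope applied to User IDs; None = unrestricted

@dataclass(frozen=True)
class Certification:
    issuer: str   # key that signed the binding
    target: str   # key the User ID is bound to
    user_id: str

def domain_scope(domain: str) -> str:
    """Regex GnuPG's tsign attaches when trust is restricted to one domain."""
    return r"<[^>]+[@.]" + re.escape(domain) + r">$"

def _in_scope(tsig: TrustSig, user_id: str) -> bool:
    return tsig.regex is None or re.search(tsig.regex, user_id) is not None

def _path_amounts(root: str, introducer: str, user_id: str, tsigs, hops: int,
                  visited=frozenset()) -> Iterator[int]:
    """Trust amounts of delegation chains root -> ... -> introducer in which
    every tsig covers user_id and is deep enough for the hops below it."""
    if introducer == root:
        yield 120  # our own key is ultimately trusted
        return
    for t in tsigs:
        if (t.target == introducer and t.issuer not in visited
                and t.depth >= hops and _in_scope(t, user_id)):
            for upstream in _path_amounts(root, t.issuer, user_id, tsigs,
                                          hops + 1, visited | {introducer}):
                yield min(upstream, t.amount)

def is_authenticated(root: str, target: str, user_id: str, certs, tsigs,
                     threshold: int = 120) -> bool:
    """A User ID binding is accepted when the trust behind its certifications
    reaches threshold (one fully trusted path or two marginal ones)."""
    total = 0
    for c in certs:
        if c.target == target and c.user_id == user_id:
            total += sum(_path_amounts(root, c.issuer, user_id, tsigs, 1))
    return total >= threshold
```

The same CA key vouching for `alice@example.org` and for `mallory@evil.com` is only believed for the first, because the scope is evaluated against the User ID, not the signing key.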
nine_k | 4 years ago
This is huge.

OpenPGP can become usable in the scope of a realistically large organization, and most of the hassle can be put on the shoulders of dedicated IT people, instead of every user.

mawise | 4 years ago
What's the difference between this and an in-house centrally managed CA?
thayne | 4 years ago
I'm guessing you specifically mean an SSL/TLS CA? This is for PGP keys instead of X.509 certificates.
viraptor | 4 years ago
This is an in-house centrally managed CA.