Why did the PGP Web of Trust fail?

Hi all,

   I wrote a blog post entitled perhaps a little teasingly
with the title of this thread. This followed a longer 
entry on Digital Sovereignty I wrote, where I get into
the concept of an institutional Web of Trust. This led
Prof Bryan Ford in the distributed/decentralised systems 
group at EPFL in Lausanne to ask why that Web of Trust would
be more successful and avoid the problems of the PGP one.

So I had to look into what the exact problems with the PGP
web of trust were. But as certain obvious limitations were
clear from reading the PGP spec, and as I thought it would
be unjust to tie them to such accidental errors, I imagined
what would happen if they evolved to using the W3C Verifiable
Claims standards.


Please let me know if I have misunderstood something. 
I am covering quite a lot of ground here. 

Feedback very much welcome :-)

Henry Story

Received on Wednesday, 20 June 2018 19:11:53 UTC