On 20 Jun 2018, at 22:02, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

The to date only provably scalable trust scheme I'm aware of is the "four corner model" used by banks.

That is, clients trust their respectively banks which in turn trust each other.

A down-side of that model is that it is hard to combine with end-2-end security.

That sounds like my proposal for an institutional web of trust illustrated
in the attached picture, but also described in more detail in the section
"A Socio Technical Implementation Proposal" 
of this article
https://medium.com/cybersoton/from-digital-sovereignty-to-the-web-of-nations-61fbc28d79cd#b014


Here it is more declarative, and more flexible (as it can work at different levels including individual), but we have a peer to peer web of nations, that funds a large part of the legal trust that the institutions we rely on.

Henry 



Anders

On 2018-06-20 21:11, Henry Story wrote:
Hi all,
   I wrote a blog post entitled perhaps a little teasingly
with the title of this thread. This followed a longer
entry on Digital Sovereignty I wrote, where I get into
the concept of an institutional Web of Trust. This lead
Prof Bryan Ford in the distributed/decentralised systems
group at EPFL in Lausanne to ask why that Web of Trust would
be more successful and avoid the problems of the PGP one.
So I had to look into what the exact problems with the PGP
web of trust was. But as certain obvious limitations were
clear from  reading the PGP spec and as I thought it would
be unjust to tie them to such accidental errors I imagined
what would happen if they evolved to using the W3C Verifiable
Claims  standards.
https://medium.com/@bblfish/what-are-the-failings-of-pgp-web-of-trust-958e1f62e5b7
Please let me know if I have misunderstood something.
I am covering quite a lot of ground here.
Feedback very much welcome :-)
Henry Story
http://co-operating.systems/