> The traditional answer, which amazingly nobody has mentioned in this > thread, is called the PGP web of trust. This is not just the "traditional" answer, it's the only proper answer. For the uneducated reducing OpenPGP's WoT to WebPKI: you are lame. Also worth mentioning: Ian Goldberg's shadow WoT experiment.