This makes so much sense since every identity exists in the context of some authority, some common referential. You're never completely alone as the PGP-classic web of trust implies; instead you're trusting some centrally managed keys like your distro's package signers, which you always blindly accept. The problem is we rarely sign keys as introducers (and rightfully so) since being a CA is a big responsibility. CAs are not real persons. We should probably trust a handful of public CAs with well-defined scopes (some private network, some org), a couple smaller private groups and the exceptional direct trust for the closest friends we interact with daily.<p>Looking forward to using this. Although in my case the source of truth wouldn't be OpenPGP keys but perhaps WireGuard keys to our VPN or maybe OMEMO or SSH keys.
I really like the term "Scoped Trust Signatures" and will steal it. An informative way to describe that mostly unknown and underappreciated OpenPGP feature.
This is huge.<p>OpenPGP can become usable in the scope of a realistically large organization, and most of the hassle can be put on the shoulders of dedicated IT people, instead of every user.