Hello, OpenPGP CA

This makes so much sense since every identity exists in the context of some authority, some common referential. You&#x27;re never completely alone as the pgp-classic web of trust implies, instead you&#x27;re trusting some centrally managed keys like your distros packet signers wich you always blindly accept.. The problem is we rarely sign keys as introducers (and rightfully so) since being a CA is a big responsability. CAs are not real persons. We should probably trust a handful of public CAs with well-defined scopes (some private network, some org), a couple smaller private groups and the exceptional direct trust for the closest friends we interact with daily..<p>Looking forward to using this.. Although in my case the source of thruth wouldn&#x27;t be openpgp keys but perhaps wireguard keys to our vpn or maybe omemo or ssh keys.

I really like the term &quot;Scoped Trust Signatures&quot; and will steal it. An informative way to describe that mostly unknown and underappreciated OpenPGP feature.

This is huge.<p>OpenPGP can becope usable in a scope of a realistically large organization, and most of the hassle can be put on the shoulders of dedicated IT people, instead of every user.

What&#x27;s the difference between this and an in-house centrally managed CA?