

Ask HN: Peer to Peer trust? - acd

Are there any current standards for peer to peer trust, so if a majority of your known friends trust a service you could too?<p>I have a problem with the security model of the current CA solutions. Evil governments could start an CA and issue fake MITM man in the middle certificates, or they could simply hack into an CA. Would it not be wiser to trust a majority of your friends and family rather than to trust an unknown certificate authority?<p>Why do you have to involve self signed certificates or CA certificates if you want to encrypt a service for a known friend?
======
staunch
Meet in person to exchange keys and go from there.

[https://en.wikipedia.org/wiki/Key_signing_party](https://en.wikipedia.org/wiki/Key_signing_party)

[https://en.wikipedia.org/wiki/Web_of_trust](https://en.wikipedia.org/wiki/Web_of_trust)

~~~
tg3
Yeah, there's pretty decent open source consumer-friendly(ish) PGP/GPG
software available. The difficulty tends to be convincing all your friends to
use it (which OP took as a given).

