Ben (on Six Apart's swanky new Six Log
), discusses extending PGP-signing
with a centralized verification/web of trust service. I agree that would be fantastic. But I don't think it needs to exist before implementing PGP-signing in open systems. Signing and verifying can already be done with desktop tools. If PGP-signing catches on, tools to make the process easier would be a void that someone could fill with a centralized Web application. It seems natural.
I think part of what makes this PGP-signing approach nice though, is that it doesn't rely on any one central service. It makes identity management completely decentralized.