Web of Trust seems to be an inherently broken paradigm.
Think about this. Let's say I trust my friends (so when my friends sign that John Doe is John Doe, it's really him). It's a big deal (not every friend is so security conscious, maybe he met this guy on Facebook and he looks so real), but would I trust someone because of a friend's friend's recommendation?
I know which friends are naive. But which friend's-friend's-friend is naive?
And those are the only web-of-trust connections I have with him? Can I trust him? Can I not? How do I tell?
PGP already allows for this via "owner trust". When you sign a key, also indicate the level of trust you have in the newly certified key's owner to certify other keys.
It's of course up to you to decide who you can trust to certify other keys.
edit:
It's worth mentioning, "owner trust" is strictly a local attribute -- just because you fully trust John, and I fully trust you, my trust for John's certification of 3rd party keys remains unknown.
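As an added illustration (not part of the thread or any commenter's code), here is a simplified model of how a PGP client derives key validity from locally assigned owner trust. The names and signature graph are constructed, and the thresholds follow GnuPG's classic trust model defaults (1 fully trusted or 3 marginally trusted signers, maximum depth 5).

```python
FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"

def valid_keys(me, sigs, ownertrust, completes=1, marginals=3, max_depth=5):
    """Return {key: depth} for every key considered valid from `me`'s viewpoint.

    sigs:       signer -> set of keys that signer has certified (public data)
    ownertrust: key -> FULL/MARGINAL, assigned locally by `me`, never imported
    """
    valid = {me: 0}                      # my own key is the root of every path
    all_signed = {k for signed in sigs.values() for k in signed}
    for depth in range(1, max_depth + 1):
        newly = {}
        for key in all_signed - set(valid):
            full = marg = 0
            for signer, signed in sigs.items():
                if key not in signed or signer not in valid:
                    continue             # signatures from unvalidated keys count for nothing
                trust = FULL if signer == me else ownertrust.get(signer, UNKNOWN)
                full += trust == FULL
                marg += trust == MARGINAL
            if full >= completes or marg >= marginals:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed sample graph: I signed alice and bob; the rest are their signatures.
SIGS = {
    "me": {"alice", "bob"},
    "alice": {"john"},
    "bob": {"dave"},
    "john": {"carol"},
}
# My local owner trust only. Whatever alice thinks of john is not part of it.
OWNERTRUST = {"alice": FULL, "bob": MARGINAL}

if __name__ == "__main__":
    # john is valid (certified by fully trusted alice); carol is not, because
    # john's owner trust is unknown to me; dave has only one marginal signer.
    print(valid_keys("me", SIGS, OWNERTRUST))
```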
I lost trust in the users of PGP in 2000 at the Free Software Meeting.
I was interested in crypto. Met these guys that were hackers while I was a sysadmin specialized in SMTP(s).
And among the community of the dark warlords running OpenBSD (not a dev, just a user), I met this one guy explaining to me correctly the whole ring of trust stuff. I incidentally had read the howto, generated my fingerprint, and prepared myself for key signing.
And then, he proudly told me that he had his cat's public key trusted by some other elite hackers. And it was true. I checked. And I threw away my fingerprints understanding it was human nature the problem, not the techno.
Before this day I had some doubt about the security experts, the balance being a tad on the pretty unsure they look like frauds. After this day the balance has been seriously going on the distrust side.
And more and more ever after.
I would accept he was not DJB and not a top one, but most of the community of security enthusiasts out of the coders and researchers look like football fanatics that are more interested in a posture or a status than anything else.
And to be honest I honestly like most technologies, PHP/js/Perl/Fortran/C/C++ included, but now it is the crowds around the technologies I have difficulty coping with. As much as I have no problem with sports, I have a problem with sports enthusiasts/fans.
At this point we should really be leveraging the (admittedly problematic at times) chain of trust built for the web.
In an ideal world you could query the mail server for the domain in question for the person's keys using a simple HTTPS transfer. Verify the certificate is signed by a trusted party and issued to the domain in question, then request the public key for your destination. Sign the mail with that public key, and probably store it (or a fingerprint) so you can note any anomalous changes later.
This could all be built into the mail client and happen at the click of a button. With an interface like this even your mother could use encrypted email.
But it can't happen because someone will point out that the web of trust can't be trusted because governments could infiltrate it. Perfect has been the enemy of good in this system for decades.