Human relationships also open you up to social engineering attacks. Unless they’re face-to-face, in person, with someone who remembers what you actually look like. Which is rare these days.

That is my point. We need to put value on the face to face relationships and extend trust outward from our personal relationships.

This sort of trust is only as strong as it's weakest link but each individual can choose how far to extend their own trust.

This is what the Web of Trust does but,

> This sort of trust is only as strong as it's weakest link but each individual can choose how far to extend their own trust.

is exactly why I prefer PKI to the WoT. If you try to extend the WoT to the whole Internet, you will eventually end up having to trust multiple people you never met with them properly managing their keys and correctly verifying the identity of other people. Identity verification is in particular an issue: how do you verify the identity of someone you don't know? How many of us know how to spot a fake ID card? Additionally, some of them will be people participating in the Web of Trust just because they heard that encryption is cool, but without really knowing what they are doing.

In the end, I prefer CAs. Sure, they're not perfect and there have been serious security incidents in the past. But at least they give me some confidence that they employ people with a Cyber Security background, not some random person that just read the PGP documentation (or similar).

PS: there's still some merit to your comment. I think that the WoT (but I don't know for sure) was based on the 7 degrees of separation theory. So, in theory, you would only have to certify the identity of people you already know, and be able to reach someone you don't know through a relatively short chain of people where each hop knows very well the next hop. But in practice, PGP ended up needing key signing parties, where people that never met before were signing each other's key. Maybe a reboot of the WoT with something more user friendly than PGP could have a chance, but I have some doubts.

I’m fine with PKIs presumably in America the department of education could act as a CA.

This is such a good point. We rely way too much on technical solutions.

A better approach is to have hyperlocal offices where you can go to do business. Is this less “efficient”? Yes but when the proceeds of efficiency go to shareholders anyway it doesn’t really matter.

It is only efficient based on particular metrics. Change the metrics and the efficiency changes.

>Is this less “efficient”? Yes but when the proceeds of efficiency go to shareholders anyway it doesn’t really matter.

I agree with this but that means you need to regulate it. Even banks nowadays are purposely understaffing themselves and closing early because "what the heck are you going to do about it? Go to a different bank? They're closed at 4pm too!"

The regulation needs to be focused on the validity of the identity chain mechanism but not on individuals. Multiple human interactions as well as institutional relationships could be leveraged depending on needs.

The earliest banking was done with letters of introduction. That is why banking families had early international success. They had a familial trust and verification system.