2018-08-28
I really like this idea, but it seems like it reduces key handling to a problem of trusting a single entity to handle signing the manifest of keys. I'd love to see GPG used more in organizations, but I'm not really sure how I'd roll this out in my own company, simply because the first question becomes "Who is the person I trust to sign key manifests for this company?". Perhaps I'm not fully understanding how it is implemented.