Opinions about giving this trust matter to dedicated certificate authorities instead, like we do with HTTPS?
Edit: Found the problem with that.
Certificate authorities are supposed to actually go out and confirm that the person who requested the certificate, is the person that they say they are. This is far too much work, if you want to verify each individual person who wants to use a messenger.
Edit: Found the problem with that. Certificate authorities are supposed to actually go out and confirm that the person who requested the certificate, is the person that they say they are. This is far too much work, if you want to verify each individual person who wants to use a messenger.