> But also, PGP web of trust would break in larger adoption.
Agree with you. My guess is very quickly people would start to ultimately trust all they friends and colleagues.
There would be phishing bots to convince you to trust other bots and fake profiles, etc.
Why wouldn't it?
If you ultimately trusted a colleague that was phished into trusting the attacker, then you would trust the attacker to be who he claims to be.
They would need less believable stories and to impersonate interns, subcontractors, etc.
The pattern in the attacks could be extremely brazen, like impersonation of the editor themself or a higher position colleague to resist social checks.
Pretty strange for a long term editor to have few paths to themselves within their own publisher. (Since each attempt to gain a new connection in the publisher risks someone noticing the email address is a fraud of their own company and cause revocations.)
If the attack is 100 or 1000 times less effective it is probably written off as a complete waste of resources.
Agree with you. My guess is very quickly people would start to ultimately trust all they friends and colleagues. There would be phishing bots to convince you to trust other bots and fake profiles, etc.