by Avamander 2604 days ago
There's no way to do one-to-one identity verification and authentication without centralized coordination and control. Just as an example, even if we really wanted to, there'd be no way to let only one CA issue a certificate for a domain if any of the CAs is rogue.

There is no easy way.

Which is an important distinction, since there exist situations when even hard to follow procedures are better than a centralized option. Those are just not your daily "how do I know if I can show you my credit card" situations.

> even hard to follow procedures are better than a centralized option

Sorry, I don't have nearly enough information to accept that.

There's no cryptographically secure way as far as I'm aware.

You do get in front of the other person and exchange public keys. Or you ask for help from a set of trusted middlemen. Those are perfectly fine ways to run a PKI, they are just not fit for the "entire web" PKI.

Those methods really don't scale by the fact that we haven't had a single system like that catch any popularity. It's usually just too cumbersome and not more trustworthy.