[flopsey]

What do terrorist networks and how they live have to do with internet security or even the outsourcing of trust in general?

On a technical level there's no meaningful connection.

Just talking philosophically they "live in caves" because the US & other govt's have armies trying to kill them. It has nothing to do with trust networks. If anything that style of trust networking has made them more secure as it's difficult to penetrate. The point that OP was making.

Finally, personal trust networks have worked remarkably well. Look at guanxi in China, social societies like the Freemasons (not in a "control the world" way, just better business contacts, etc.). These are all based on networks of trust.

I have no idea if this is the best way forward for the web but a comparison to terrorist networks is meaningless.

[politician]

The point of the comparison is that the size of networks for which trust is actively maintained are necessarily small due to the expense of maintenance. Indeed, both of your counterexamples have this property.

The OP believes that to be economically viable, trust networks must be large. Hence, outsourced trust.

But I agree with you: once your personal network grows beyond a certain size, the property connecting you directly to any particular node is no longer exclusively "trust", but will increasingly be "convenience". Usually followed shortly thereafter by "abused by".

[exelius]

The reason for the comparison is that terrorists require absolute security of their communications and can't make sacrifices for convenience. As such, they have a difficult time coordinating any large-scale attacks and this is a huge strategic advantage for their enemies. Replace large-scale attacks with "buying things online" and you start to see the limitations of the web of trust as the exclusive means of securing communication. I only brought up the comparison because it was the best example I could think of where the ONLY trust is personal trust, and even then it still gets exploited through social engineering (spies & informants). Even if you take it to the extreme like that, it's not fool-proof (or even incredibly effective). The entire point was that the failings are not technical; they're structural to the concept of trust.

Personal trust works well, and nobody's implying that you can't or shouldn't use more peer-to-peer solutions where you feel you need more security -- but it's not going to form the backbone of the global economy. At the end of the day, you need some form of centralized trusted authority with which individuals can contract to provide trust-management services, otherwise you spend all your time verifying trust and not actually doing anything.