[exelius]

The reason for the comparison is that terrorists require absolute security of their communications and can't make sacrifices for convenience. As such, they have a difficult time coordinating any large-scale attacks and this is a huge strategic advantage for their enemies. Replace large-scale attacks with "buying things online" and you start to see the limitations of the web of trust as the exclusive means of securing communication. I only brought up the comparison because it was the best example I could think of where the ONLY trust is personal trust, and even then it still gets exploited through social engineering (spies & informants). Even if you take it to the extreme like that, it's not fool-proof (or even incredibly effective). The entire point was that the failings are not technical; they're structural to the concept of trust.

Personal trust works well, and nobody's implying that you can't or shouldn't use more peer-to-peer solutions where you feel you need more security -- but it's not going to form the backbone of the global economy. At the end of the day, you need some form of centralized trusted authority with which individuals can contract to provide trust-management services, otherwise you spend all your time verifying trust and not actually doing anything.