@johanbove I don't understand what's the point of applying a centralized/hierarchical structure over a decentralized/federated one? I wonder if that's good for the PGP's "web of trust" or it's a step that weakens/substitutes/centralizes it...

@txopi OpenPHP Keys on their own don't mean much, they become trustworthy when other parties certify the authenticity. My OpenPGP Key is still fully under my control. What I was able to do is add a verified and certified authority (Governikus is an official German government contractor which built the AusweisApp2) to confirm that this openPGP key is in fact part of my digital identity and that is an important link in the Web Of Trust, as it is linked to my official government issued identity.

@txopi Of course - this certification is completely optional and I agree that the Web Of Trust should be a human network first. This Governikus certification is only an extra node in the trust network that should exist between openPGP keys. Something I haven't had much experience with actually as not many of my contacts actually use OpenPGP.