Neither certification hiearchies nor the PGP web-of-trust are very useful because they try to bind True Names to keys and True Names have many problems. People can have duplicate names and can change their names (what happens if I legally change my name to Bill Clinton and try to get Verisign to certify my key under that name?), and often we don't care about someone's True Name. Perhaps it is better to think of names as subjective identifiers, and public keys as global ids. That is, a person who has a collection of public keys gives each of them a name, but different people can name their keys differently. Of course the holder of the corresponding private key can help in the naming process (e.g., "Please call me Wei"). If two people need to talk about a third party, they can refer to him by an arbitrary name after establishing a common binding between his key and that name. In this scheme, the man-in-the-middle problem goes away because you are no longer trying to communicate with a True Name, whose binding with a key can be spoofed, but rather with the key itself. If the holder of that key chooses to act as a middle-man by relaying messages around, that is his business, and there is really nothing you can do about it. Wei Dai