@GarrittyOf@matthew_d_green Maybe the @signalapp model? Raw Trust On First Use (TOFU) like SSH but at scale + client-side warning "the digital signature changed" + enough eyeballs to catch it. That model de-centralizes trust away from the shady certificate businesses to everybody.
