Trust Model¶ Official issuers are trusted by default Self-signed issuers require explicit trust Revocation and transparency for compromised keys