GPG is not necessarily TOO hard, but it is certainly and without question the HARDEST form of authentication to adopt.  I recently joined the WoT and was pleasantly surpised to see it using GPG. This allowed me to renew some very old keys, update my passwords and generally update myself on the state of the technology. But I was very disappointed to say the least at how difficult it was to get everything working properly (invalidating old keys, updating the public repos, etc).  I was even more disappointed by how difficult it is to get verified on IRC (at one point I just quit and had to restart the next day).

The only way I can see a non-geek making this work successfully is if you literally "hold their hand and move their fingers for them", then write auth "scripts" that they can use on IRC. I get a little turned off when people suggest that its sooo EASY as if anyone who can't figure it out on their own is an idiot.

I'm totally in favor of both GPG and 2-factor auth.  I'd say that Google Authenticator (free and open source on most platforms) finally made 2FA possible for everyone.  Someone needs to do the same thing for GPG.
--------------------

Moving on, I really like this idea of blockchain trust, but I'd never support a system that was centralized (the same way bitcoin-otc is now) to one organization.  Most of the projects that I'm looking into and working on now are trying to decentralize a centralized service and I think this is the right direction moving forward.

The way I see it, as soon as the idea catches on there will be at least a dozen audenx trust networks maybe using the same protocol, maybe not.  Don't you think it would be best to start with an OPEN protocol (as in NOT tied to any specific address)?