[1] So long as there are motives of greed, politics, revenge, etc., those who perform (or supervise) work done by such an entity will provide potential loopholes through which the necessary trust may leak.
That large impersonal corporations make promises of accuracy in their attestations of the correctness of a claimed public-key-to-user correspondence (e.g., by a certificate authority as a part of a public key infrastructure) changes little.
The 2011 incident at CA DigiNotar broke the trust of the Dutch government's PKI, and is a textbook example of the weaknesses of the system and the effects of it.
PGP users digitally sign each other's certificates and are instructed to do so only if they are confident the person and the public key belong together.
For example, in financial matters, bonding companies[clarification needed] have yet to find a way to avoid losses in the real world.
For instance, a notary public acts as a trusted third party for authenticating or acknowledging signatures on documents.