http://u.qdnx.org/file/rozzin-20190703T045719-zz2dqzz.html
It may also matter that when I say "#PGP", I really mean "#GnuPG" because AFAICT GPG is the PGP that everyone actually uses these days. There are "trust signatures" in #OpenPGP, and GPG can make and use them..., but they're a whole different thing from "trust", "signatures", and #WoT. And I don't think I've ever actually seen one in the wild. Some other PGP implementation might use tsigs by default? But I doubt it?