In PGP the default is that a key is untrusted until you perform some explicit verification step