Web of trust management in a distributed system

What is claimed is: 1. A system, comprising: one or more processors, and memory including instructions that, as a result of execution by the one or more processors, cause the system to: create a new version of information that describes a cryptographic domain, the new version of the information created as a cryptographically verifiable successor to a previous version of the information, the previous version specifying a previous set of quorum rules, the previous set of quorum rules defining one or more conditions to be fulfilled by a plurality of operator devices as conditions precedent to update the information; provide the new version to the plurality of operator devices; obtain digital signatures corresponding to the new version; cryptographically verify that the new version is an immediate successor to the previous version and that the previous version is an immediate successor to at least one other previous version; and as a result of the digital signatures obtained fulfilling the one or more conditions defined by the previous set of quorum rules, cause the new version to replace the previous version. 2. The system of claim 1 , wherein: the new version further specifies a hardware security module; and the instructions further include instructions that cause the system to cause the hardware security module to generate a domain token for the new version, the domain token including a set of encrypted keys for the domain. 3. The system of claim 1 , wherein the new version further specifies a set of hardware security modules authorized to perform cryptographic operations for the domain. 4. The system of claim 1 , wherein the new version further specifies a new set of operator devices different from a previous set of operator devices specified by the previous version. 5. The system of claim 1 , wherein: the new version specifies a new set of quorum rules; and the new set of quorum rules is different from the previous set of quorum rules. 6. The system of claim 1 , wherein the instructions further include instructions that cause the system to: receive a third version of the information from an entity, the entity being unspecified in the new version; and verify the third version by causing the system to verify at least one intermediate version of the information between the new version and the third version. 7. The system of claim 6 , wherein: the new version further specifies a new set of operator devices; and verification of the intermediate version includes verification that the intermediate version was authorized by a quorum of the new set of operator devices, the quorum determined based at least in part on the previous set of quorum rules. 8. A computer-implemented method, comprising: creating a new version of information that describes a cryptographic domain, the new version of the information created as a cryptographically verifiable successor to a previous version of the information, the previous version created to specify a previous set of quorum rules, the previous set of quorum rules defining one or more conditions to be fulfilled by a plurality of operator devices as conditions precedent to update the information; providing the new version to the plurality of operator devices; obtaining digital signatures corresponding to the new version; cryptographically verifying that at least the new version, the previous version, and at least one other version for a chain of immediate successors; and as a result of the digital signatures obtained fulfilling the one or more conditions defined by the previous set of quorum rules, causing the new version to replace the previous version. 9. The computer-implemented method of claim 8 , wherein creating the new version further includes digitally signing the new version using a private cryptographic key. 10. The computer-implemented method of claim 8 , wherein creating the new version further includes generating a new domain token that encodes the new version of the information. 11. The computer-implemented method of claim 8 , further comprising creating the new version to be verifiable, wherein creating the new version to be verifiable includes adding the new version into a chain of versions of the information, the chain of versions including the previous version. 12. The computer-implemented method of claim 8 , wherein: the new version further specifies a set of hardware security modules; and after the new version is caused to replace the previous version, the method further comprises: transmitting a request whose fulfillment includes performance of a cryptographic operation; receiving a response to the request that is digitally signed by a particular hardware security module; and accepting that the response includes the performance of the cryptographic operation on a condition that the particular hardware security module is a member of the set of hardware security modules. 13. A non-transitory computer-readable storage medium storing thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least: create a new version of information that describes a cryptographic domain, the new version of the information created as a cryptographically verifiable successor to a previous version of the information, the previous version created to specify a previous set of quorum rules, the previous set of quorum rules defining one or more conditions to be fulfilled by a plurality of operator devices as conditions precedent to update the information; provide the new version to the plurality of operator devices; obtain digital signatures corresponding to the new version; cryptographically verify the new version as a valid successor to the previous version by at least causing the computer system to verify that the new version is in a chain of information versions that includes the previous version; and as a result of the digital signatures obtained fulfilling the one or more conditions defined by the previous set of quorum rules, cause the new version to replace the previous version. 14. The non-transitory computer-readable storage medium of claim 13 , wherein the computer system is a member of a previous set of operator devices specified by the previous version. 15. The non-transitory computer-readable storage medium of claim 13 , wherein: a hardware security module that was specified by the previous version is unspecified in the new version; and the instructions further include instructions that cause the computer system to reject, as a result of the previous version being replaced by the new version, a cryptographic operation performed by the hardware security module. 16. The non-transitory computer-readable storage medium of claim 13 , wherein: the executable instructions further include executable instructions that cause the computer system to cryptographically verify a third version as a valid successor to the new version by at least causing the system to verify that the third version is in a chain of information versions that includes the new version and the previous version. 17. The non-transitory computer-readable storage medium of claim 16 , wherein each version in the chain is authorized in compliance with a set of quorum rules of an immediately-preceding information version. 18. The non-transitory computer-readable storage medium of claim 16 , wherein: the new version further specifies a new set of operator devices; the plurality of operator devices serves as a quorum, in accordance w