Distributed system web of trust provisioning

US11626996B2 · US · B2

Patent metadata
Field               Value
Publication number  US-11626996-B2
Application number  US-201815865016-A
Country             US
Kind code           B2
Filing date         Jan 8, 2018
Priority date       Sep 15, 2014
Publication date    Apr 11, 2023
Grant date          Apr 11, 2023

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A web of trust in a distributed system is established. A root of trust for at least two components in the distributed system validates information for the distributed system. The validated information is then used to create additional information for the distributed system. Versions of the information are usable to validate subsequent versions of the information such that validation of a version of the information can be performed by using one or more previous versions to verify that the version is a valid successor of a previously validated previous version.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: generating a new version of a domain trust to replace an initial version of the domain trust, wherein: the initial version of the domain trust specifies at least a first set of devices, a first set of quorum rules, and a root of trust; and the new version of the domain trust specifies at least a second set of devices, a second set of quorum rules, and the root of trust; obtaining a plurality of digital signatures from the first set of devices, wherein: the plurality of digital signatures satisfies the first set of quorum rules; and the first set of quorum rules specifies one or more conditions for the second set of devices being authorized to generate the new version of the domain trust; transmitting, to a first device of the first set of devices, a command to replace the initial version of the domain trust with the new version of the domain trust, the command comprising the plurality of digital signatures and a digital signature signed by the root of trust indicating that the initial version of the domain trust is to be trusted by the first set of devices; obtaining, from the first device, a response to the command that comprises: information usable to validate the response, the information comprising: verification of the digital signature signed by the root of trust, verification that the plurality of digital signatures satisfy the first set of quorum rules, and an indication that the first device has replaced the initial version of the domain trust with the new version of the domain trust; and a token generated based at least in part on the new version of the domain trust, wherein the token comprises a set of keys and indicates the second set of devices is authorized to access the set of keys; and transmitting the token to a second device of the second set of devices.

2. The computer-implemented method of claim 1, wherein the token indicates a set of rules to change access to the set of keys from the first set of devices to the second set of devices.

3. The computer-implemented method of claim 1, wherein the first set of devices and the second set of devices at least partially overlap.

4. The computer-implemented method of claim 1, wherein the first set of devices comprises multiple hardware security modules.

5. The computer-implemented method of claim 1, wherein the set of keys replaces a previous set of keys accessible to the first set of devices.

6. The computer-implemented method of claim 1, further comprising validating the new version of the domain trust based at least in part on a public key corresponding to the first device.

7. The computer-implemented method of claim 1, wherein the digital signature signed by the root of trust is generated by the root of trust based on one or more cryptographic keys and the initial version of the domain trust; and wherein the root of trust is a computing device trusted by both the first set of devices and the second set of devices such that each of the first set of devices and the second set of devices operate in accordance with whether the information is validated using cryptographic material from the root of trust obtained from any version of the domain trust based on the initial version of the domain trust.

8. A system, comprising: memory to store instructions executable by one or more processors to cause the system to: issue, to a device of a first set of devices associated with an initial version of a domain trust, a command to create an updated version of the domain trust, wherein: the initial version of the domain trust is associated with the first set of devices, a first set of quorum rules, and a root of trust; the updated version of the domain trust is associated with a second set of devices, a second set of quorum rules, and the root of trust; the device is identified by one or more quorum rules of the first set of quorum rules as being authorized to generate the updated version of the domain trust; and the command was issued with a plurality of digital signatures that satisfy the one or more quorum rules and a cryptographically verifiable digital signature, determined by the root of trust, that indicates the initial version of the domain trust is trusted by the root of trust; obtain, from the device, a response to the command, the response comprising a token, wherein the token comprises a set of keys and indicates that the second set of devices is authorized to access the set of keys; and transmit the token to a second device of the second set of devices for updating to the updated version of the domain trust.

9. The system of claim 8, wherein the token comprises a first key encrypted under a first public key of the device of the first set of devices and a second key encrypted under a second public key of the second device of the second set of devices.

10. The system of claim 8, wherein the token comprises information indicating a set of rules to issue a replacement token to replace the token.

11. The system of claim 8, wherein the plurality of digital signatures satisfies a set of rules required to issue the token.

12. The system of claim 8, wherein the set of keys comprises symmetric cryptographic keys.

13. The system of claim 8, wherein transmission of the token to the second device causes the second device to replace a previous set of keys with the set of keys.

14. The system of claim 8, wherein the token was issued by the second device.

15. A non-transitory computer-readable storage medium storing instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to: obtain a token issued from a first device as a result of a digital signature generated by a root of trust indicating that an initial version of a domain trust is trusted by the root of trust and a plurality of digital signatures satisfying a set of rules, wherein the token is obtained responsive to a command to replace the initial version of a domain trust with a second version of the domain trust and indicates a set of devices authorized to access a set of keys, further wherein the set of rules specify one or more conditions that indicate the first device is authorized to generate the token, wherein the token comprises current and previous token version information; and transmit the token to a second device of the set of devices.

16. The non-transitory computer-readable storage medium of claim 15, wherein the token further comprises the set of keys corresponding to the current token version information and previous sets of keys corresponding to the previous token version information, wherein the previous sets of keys can include a previous set of keys for the root of trust.

17. The non-transitory computer-readable storage medium of claim 15, wherein the previous token version information can be verified using a hash of a previous token version, and the token further comprises a unique hash for each previous version of the token including a previous version of the token for the root of trust.

18. The non-transitory computer-readable storage medium of claim 15, wherein the instructions, as a result of execution by the one or more processors, further cause the computer system to ensure that the token is available to each device of the set of devices.

19. The non-transitory computer-readable storage medium of claim 15, wherein the token chains to the root of trust that is trusted by the second device.

20. The non-transitory computer-rea
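The mechanism the claims describe (a new domain-trust version is accepted only when a quorum of the devices listed in the previous version have signed it, the initial version is vouched for by a root-of-trust signature, and each version carries a hash of its predecessor, as in claims 1, 15 and 17) as an added Python example. This is not code from the patent or from its assignee. It assumes a Lamport one-time signature built from SHA-256 in place of an HSM signing algorithm, a simple threshold as the quorum rule, a single back-link hash rather than a hash per previous version, and constructed device names (hsm-a to hsm-d); tokens and key distribution are left out.

```python
"""Versioned domain trust validated by a quorum of the previous version.

Added example (not code from the patent or its assignee). Signatures are
Lamport one-time signatures over SHA-256 so the example needs only the
standard library; a deployment would use an HSM-backed signature scheme.
Because a Lamport key signs exactly once, a device that stays in the set
is given a fresh key in each new version.
"""
import hashlib
import json
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature (stand-in for a device's signing key) -------
def keygen():
    """Secret key: 256 pairs of random preimages; public key: their hashes (hex)."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(sha256(a).hex(), sha256(b).hex()) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes):
    """Reveal, for each bit of the message digest, the preimage selected by that bit."""
    digest = int.from_bytes(sha256(message), "big")
    return [sk[i][(digest >> (255 - i)) & 1].hex() for i in range(256)]


def verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(bytes.fromhex(sig[i])).hex() == pk[i][(digest >> (255 - i)) & 1]
               for i in range(256))


# --- domain trust versions --------------------------------------------------
def canonical(version: dict) -> bytes:
    """Deterministic encoding so every device hashes and signs identical bytes."""
    return json.dumps(version, sort_keys=True, separators=(",", ":")).encode()


def make_version(number, prev, devices, threshold):
    """devices maps a device name to its public key; threshold is the quorum rule."""
    return {
        "version": number,
        "prev_hash": sha256(canonical(prev)).hex() if prev else None,
        "devices": devices,
        "quorum": {"threshold": threshold},
    }


def validate_chain(chain, root_pk, root_sig) -> bool:
    """chain is a list of (version, signatures); signatures maps device name to a
    signature over that version, produced by devices listed in the previous version.
    The initial version is trusted because the root of trust signed it."""
    first, _ = chain[0]
    if not verify(root_pk, canonical(first), root_sig):
        return False
    for (prev, _), (cur, sigs) in zip(chain, chain[1:]):
        if cur["version"] != prev["version"] + 1:
            return False
        if cur["prev_hash"] != sha256(canonical(prev)).hex():
            return False
        # Only devices named in the previous version may authorise its successor,
        # and each counts once however many signatures it submits.
        approvers = {name for name, sig in sigs.items()
                     if name in prev["devices"]
                     and verify(prev["devices"][name], canonical(cur), sig)}
        if len(approvers) < prev["quorum"]["threshold"]:
            return False
    return True


def demo():
    """Returns (valid chain, short quorum, outsider signer, tampered successor)."""
    root_sk, root_pk = keygen()
    v1_keys = {n: keygen() for n in ("hsm-a", "hsm-b", "hsm-c")}  # constructed names
    v1 = make_version(1, None, {n: pk for n, (_, pk) in v1_keys.items()}, threshold=2)
    root_sig = sign(root_sk, canonical(v1))
    # v2 keeps hsm-a and hsm-b (fresh keys), retires hsm-c, adds hsm-d
    v2_keys = {n: keygen() for n in ("hsm-a", "hsm-b", "hsm-d")}
    v2 = make_version(2, v1, {n: pk for n, (_, pk) in v2_keys.items()}, threshold=2)
    v2_sigs = {n: sign(v1_keys[n][0], canonical(v2)) for n in ("hsm-a", "hsm-b")}
    good = validate_chain([(v1, {}), (v2, v2_sigs)], root_pk, root_sig)
    short = validate_chain([(v1, {}), (v2, {"hsm-a": v2_sigs["hsm-a"]})], root_pk, root_sig)
    # hsm-d is not in v1, so its signature must not count toward v1's quorum
    outsider = {"hsm-a": v2_sigs["hsm-a"], "hsm-d": sign(v2_keys["hsm-d"][0], canonical(v2))}
    rogue = validate_chain([(v1, {}), (v2, outsider)], root_pk, root_sig)
    # Relaxing the quorum after signing changes the signed bytes, so signatures fail
    weakened = dict(v2, quorum={"threshold": 1})
    tampered = validate_chain([(v1, {}), (weakened, v2_sigs)], root_pk, root_sig)
    return good, short, rogue, tampered


if __name__ == "__main__":
    print(demo())
```

The point of the chain walk in validate_chain is that a verifier holding only the root-of-trust public key and the sequence of versions can decide whether the current version is a legitimate successor without trusting whoever handed it the sequence: every step is authorised by the previous step's own device set under the previous step's own quorum rule, which is what keeps a compromised minority from rotating the set in its own favour.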

Assignees

Amazon Tech Inc

Inventors

Classifications

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title

  • H04L9/3247 (primary): involving digital signatures · CPC title

  • using a plurality of keys or algorithms · CPC title

  • using hash chains, e.g. blockchains or hash trees · CPC title

  • using key encryption key · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11626996B2 cover?
A web of trust in a distributed system is established. A root of trust for at least two components in the distributed system validates information for the distributed system. The validated information is then used to create additional information for the distributed system. Versions of the information are usable to validate subsequent versions of the information such that validation of a versio…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/3247. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 11, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).