We show how to establish cryptographic keys in sensor networks where neither a public-key infrastructure (PKI) nor a trusted third party exists. We use a 'web-of-trust' model, establishing 'path' keys over pairwise trust relationships between intermediaries that share preloaded keys. We first show how to defeat current schemes with key foisting, a devastating novel attack not described in the literature: foisting compromises 90% of the path keys when only 10% of the sensors in the network are seized. We then present a two-way path-key establishment scheme and a highest-random-weight (HRW) based path-key establishment scheme that counter key foisting, using mGKE as an illustrative example. Our schemes reduce the probability of successful key foisting to nearly zero even when 20% of the sensors are seized; their overhead is affordable and their resilience is excellent. We also discuss key foisting in general distributed systems.
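The HRW (rendezvous hashing) selection step named above, as an added Python illustration that is not the paper's own code and does not reproduce its protocol: each endpoint ranks the candidate intermediaries by a hash over the unordered endpoint pair and the candidate's identifier and takes the highest, so both endpoints arrive at the same intermediary from public identifiers alone, without either side nominating one. The node identifiers, the assumption that every non-endpoint node is a candidate intermediary, and the 20% seizure sample are constructed for the example.

```python
"""HRW-based intermediary selection for path-key establishment.

Added illustration, not the paper's scheme. The property shown: because the
ranking depends only on the public pair {A, B} and candidate ids, A and B
agree on the intermediary without trusting any node's claim, and a seized
node is selected only for the share of pairs whose hash it genuinely wins.
"""
import hashlib
import itertools
import random


def hrw_weight(a: str, b: str, candidate: str) -> int:
    """Pseudorandom weight of `candidate` for the unordered pair {a, b}.

    Sorting the pair makes the weight symmetric, so A and B compute the same
    value; including the candidate id gives each candidate an independent
    weight per pair (SHA-256 stands in for whatever hash a deployment picks).
    """
    lo, hi = sorted((a, b))
    digest = hashlib.sha256(f"{lo}|{hi}|{candidate}".encode()).digest()
    return int.from_bytes(digest, "big")


def select_intermediary(a: str, b: str, candidates) -> str:
    """Return the candidate with the highest random weight for pair {a, b}."""
    return max(candidates, key=lambda c: hrw_weight(a, b, c))


def compromised_fraction(nodes, seized) -> float:
    """Fraction of all node pairs whose HRW-selected intermediary was seized.

    Assumption (constructed): every node other than the two endpoints is a
    candidate intermediary, i.e. shares a preloaded key with both.
    """
    pairs = list(itertools.combinations(nodes, 2))
    hits = 0
    for a, b in pairs:
        cands = [n for n in nodes if n not in (a, b)]
        if select_intermediary(a, b, cands) in seized:
            hits += 1
    return hits / len(pairs)


if __name__ == "__main__":
    nodes = [f"n{i:03d}" for i in range(100)]   # constructed node ids
    seized = set(random.Random(7).sample(nodes, 20))  # 20% of nodes seized
    cands = nodes[2:]
    print("A and B agree on the intermediary:",
          select_intermediary("n000", "n001", cands)
          == select_intermediary("n001", "n000", cands))
    print("fraction of pairs routed via a seized intermediary:",
          round(compromised_fraction(nodes, seized), 3))
```

The last figure tracks the seizure fraction (about 0.2 for 20% seized) rather than anything the adversary chooses, which is the point of letting the hash, not a volunteering node, pick the intermediary; on its own it does not remove the exposure of a path key to a selected intermediary that happens to be seized, which is what the paper's two-way scheme addresses.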