undefined | Better HN

0 pointsSgtBastard1y ago0 comments

While being slightly more generous than my sibling comment:

If you’ve got a peer-to-peer network of information nodes, where each person is able to assert information about themselves in their node, but the whole trust is based on the polykey binding at setup, I see 3 key challenges:

1) Where’s the real world verification of any identity attributes stored in the node? 2) How do we detect when/if the root key has been compromised, allowing arbitrary new vaults and identity attributes to be automatically trusted within the network?

3) How does this meaningfully improve the experience over having a CA sign a certificate that contains attributes about you? (sibling poster’s argument).

0 comments

CryptoTotalWar1y ago

1) Real world verification is voluntary. Nothing is forcing anybody to provide real world information. Users can decide to do so by claiming a real world identity - in which the verification is outsourced to that IdP. Users can also decide who to trust based on what information is available on the network.

2) Root key compromise can be resolved through revocations on the trust network. It's the same as how PKI works right now but in a decentralized manner. This isn't possible yet on PolyKey (PK) but it's something we are working on.

3) Actually we enable CAs to sign the PK certificate. This is in our roadmap.

SgtBastardOP1y ago

I’ve previously worked heavily in digital identity and continue to talk from time to time on it - I honestly can’t see any value to this. It’s worse in some dimensions than existing systems (certificates can at least be validated offline) and offers no upsides (assertion of identity validity is the hard and valuable part).

I’d do a deep dive on verifiable credentials and ask yourself truthfully what PolyKey offers to both users and relying parties.

j / k navigate · click thread line to collapse