Comment by rbanffy

4 years ago

I was fully expecting to see an empty HTML page.

Correct me if I'm wrong, but the only new idea here is to use a ledger to hold public keys associated with an identity. You could add keys by signing a new key with one of the previously globally accepted ones proving you are that entity and the same would go for removing a lost one, by signing a new message with all the remaining keys.

Having a key copied without your knowledge would be a major disaster, however.

Apart from that, this is not very different from using keys in SSH and providing a challenge/response login form would be very simple.
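The scheme sketched in the comment above, as an added example that is not part of the original thread: a per-identity key ledger where any accepted key can enroll a new one, removing a key needs signatures from all remaining keys, and login is a signed challenge. It assumes Ed25519 via Node's built-in `crypto` module; the `KeyLedger` class, the message formats, and the sequence number used to reject replayed updates are hypothetical choices made for this illustration.

```javascript
// Added example, not code from the thread. KeyLedger and the message formats are hypothetical.
const crypto = require('crypto');

const newKey = () => crypto.generateKeyPairSync('ed25519');
const pem = (pub) => pub.export({ type: 'spki', format: 'pem' });
const sign = (msg, priv) => crypto.sign(null, Buffer.from(msg), priv);
const verify = (msg, pubPem, sig) => crypto.verify(null, Buffer.from(msg), pubPem, sig);

class KeyLedger {
  constructor(firstPubPem) {
    this.keys = new Set([firstPubPem]); // public keys currently accepted for this identity
    this.log = [];                      // append-only history; its length is a sequence number
  }
  // Add: one signature from any already accepted key over the new key.
  // Consequence: whoever holds a copy of an accepted private key can enroll keys too.
  add(newPubPem, signerPubPem, sig) {
    const msg = `add:${this.log.length}:${newPubPem}`;
    if (!this.keys.has(signerPubPem) || !verify(msg, signerPubPem, sig)) return false;
    this.keys.add(newPubPem);
    this.log.push(msg);
    return true;
  }
  // Remove: every remaining key must sign the removal (sigs: Map of pubPem -> signature).
  remove(lostPubPem, sigs) {
    const msg = `remove:${this.log.length}:${lostPubPem}`;
    const remaining = [...this.keys].filter((k) => k !== lostPubPem);
    if (!this.keys.has(lostPubPem) || remaining.length === 0) return false;
    if (!remaining.every((k) => sigs.has(k) && verify(msg, k, sigs.get(k)))) return false;
    this.keys.delete(lostPubPem);
    this.log.push(msg);
    return true;
  }
  // Challenge/response login: the server picks a fresh nonce, the client signs it.
  login(pubPem, nonce, sig) {
    return this.keys.has(pubPem) && verify(`login:${nonce}`, pubPem, sig);
  }
}

// Usage with constructed keys: the laptop key enrolls the phone key, then the phone logs in.
const laptop = newKey(), phone = newKey();
const ledger = new KeyLedger(pem(laptop.publicKey));
ledger.add(pem(phone.publicKey), pem(laptop.publicKey),
  sign(`add:0:${pem(phone.publicKey)}`, laptop.privateKey));
const nonce = crypto.randomBytes(16).toString('hex');
console.log(ledger.login(pem(phone.publicKey), nonce, sign(`login:${nonce}`, phone.privateKey)));
```

Because a single accepted key is enough to enroll another, the ledger cannot tell the owner from someone holding a copy of that key, which is the failure case the comment calls out.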

It's not about using a ledger to hold public keys. The keys exist regardless of the ledger. The idea is to use the ledger to indisputably prove ownership or control over resources. Could be money, could be access to certain services, could be files, anything.

Also, the ledger doesn't have to be public.

  • If the ledger is not public, why would I trust it? If someone else claims they are you, how would I differentiate the conflicting claims?

    • Keys are identities. Someone claiming to be you doesn't matter. Always defer to keys.

      A non-public ledger would be something agreed upon by participants only. So you and I and 5 other people for example could run some type of organization using some private way to keep track of state. You choose to trust it; if you don't, then don't use it.


    • Messages are signed by cryptographic signatures so nobody can claim to be you.

      This is how JWTs and many other protocols ensure message authenticity.


A lot of these "this is not very different from X, you could do Y" replies remind me of the original Dropbox news.yc thread.

What everyone seems to be missing is that the web3 apps and UI conventions already have broad adoption among millions of only mildly techy users. They don't know what SSH is but they do know how to sign things with their in-browser wallet app. Of course, they also seem to not always know that giving away your private keys is quite bad...

But any "solution" that requires e.g. using the terminal is not really competing in the same space.

  • Do they really? Or did they follow some guide somewhere hoping to cash in on a gold rush?

    If a huge number of people were using cryptocurrency to pay for things every day, I would agree with you. But I think a huge number of people just make one purchase and then sit. What percent of them could actually make a purchase without having to go look up how to do it?

  • > But any "solution" that requires e.g. using the terminal is not really competing in the same space.

    The UI required for that is something that can be done in a couple minutes. The heavy lifting is done by libraries provided with the OS.

    • And Dropbox was trivially just rsync...

      Yet, crypto wallets remain the only cryptographic signature UI that normal people interact with.


  • I hate all this "web3" stuff by default, but this is so important to remember so you don't miss out on what actually makes it through the hype cycle.