Comment by superfrank
4 years ago
> Despite these advantages, Persona failed. I don't see how a blockchain-based approach, with so many disadvantages compared to Persona, could possibly succeed outside of the blockchain enthusiast community. And, on a technical level, a federated approach seems innumerably simpler and less wasteful than a blockchain-based approach.
Sometimes it's all about being in the right place, at the right time, with the right amount of hype. Inferior technologies win out all the time.
That being said, if (major if) auth through web3 did take off, I wouldn't be surprised if over time it slowly crept back toward a solution that doesn't use blockchain since a non-blockchain solution would probably be simpler, cheaper, and faster.
> That being said, if (major if) auth through web3 did take off, I wouldn't be surprised if over time it slowly crept back toward a solution that doesn't use blockchain since a non-blockchain solution would probably be simpler, cheaper, and faster.
I don't think you necessarily need blockchain. Can't you just prove that you are who you say by signing something and sending it to the service? You can just use the protocol.
> I don't think you necessarily need blockchain. Can't you just prove that you are who you say by signing something and sending it to the service?
It's important to remember that blockchains are just public-key cryptography where you have a private key that can sign things and, importantly, everyone knows everyone else's verified public keys. That's it. It solves the key distribution and verification problem that PGP, TLS, etc. have, and this enables a lot of use cases such as universal private communication channels and authentication.
Signing the message is key for this, yes, but knowing that a certain key is connected to a specific user, and that user having the ability to use it to sign verified messages everyone in the world can trust, is the real utility here and what makes this universal SSO system work well.
But it doesn't solve that at all since there's no way to tie something on the blockchain to the real world. All the same problems of knowing whether some particular PGP key belongs to the person you want apply the same to a wallet address.
How does everyone know everyone's verified public keys? How are they verified? Who does the verification? How do you trust the verifiers? How do you know that person x in the real world has pubkey x?
This description fits Keybase equally well, which never really took off into the mainstream and then shot itself in the foot by being acquired by Zoom.
Also, GPG doesn't have a key distribution problem. You can spin up a keyserver or use a popular existing one.
As far as the technology goes, you could have the user GPG-sign something and upload that attestation. Something about the UX of that leads me to believe that'll be a non-starter though.
Login/verification doesn't require a transaction though, so is relatively quick. Blockchain in this context can be thought of as a collection of (public) keys.
For all of its flaws, I find the web3 space fun...but I'm also hoping that some of the non-financialized use cases move to other kinds of distributed algorithms, like Hypercore (https://hypercore-protocol.org/).
Even if the technological ideal comes to fruition in a few years (sharded modular proof-of-stake consensus blockchains with zero-knowledge rollups and dedicated data availability layers), it will still eternally remain enmeshed with speculation and scamming. I think there's a narrow time and place for the speculative assets but wouldn't want that interwoven throughout the fabric of everything online.
I see the speculation-everywhere mode that web3 is currently in as something that the future web will occasionally devolve into.
An idea will come along that enough of us can get behind, that idea will attract money and solve real problems for a while, and when they're no longer problematic enough to warrant spending money on, the system will collapse back into speculation hell until the next idea-that-we-can-get-behind comes along.