Comment by Edmond
1 year ago
I missed your concern about pure anonymity in the whole process, the answer is NO.
You can't have such a system that is totally anonymous, it is private but not anonymous. This means it is largely anonymous but for instance law enforcement might be able to track you down...I happen to think this is a good balance though I am sure not every one agrees.
It's not just law enforcement though. With the way the laws are today, you could have the trusted entity selling that data if they're partnered with some consumers. If you save the cert usage (on the consumer side) you could eventually utilize it if the trusted entity changes hands, policies change, etc. The government is also a potential malicious actor depending on which government and how you want to define malicious.
Of course there are other issues in the chain concerning anonymity, like ISPs.