• sloppy_diffuser@sh.itjust.works
    ↑ 1 · ↓ 4 · edited · 1 year ago

    There could be a “validator” you choose that has to sign off on the blockchain the seller’s claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.

    The point is, nobody can change their answer later with lots of independently operated data redundancy. The data is meant to be tamper proof. It’s up to you to authenticate identities, delegate authentication, or blindly trust the seller before trusting that data.

    It’s not a one size fits all solution. A better example is if all the transport authorities in the world wanted to share one database. Who would all those transport authorities trust to operate it globally? Probably no organization would have the trust of all of them. With a blockchain, transferring that ownership from being managed by one authority to another would then go through that validation flow where the seller and receiver transport authorities sign off that they authenticated the other out-of-band and that they authorize this transaction as a matter of public record.

    The NFT use case is dumb for digital art with the intent they hold value as if the resource is scarce.

    The Matter DCL on the other hand I think is a great use case. Apple, Amazon, Google, and many more companies want to share a common database for certified IoT devices. They don’t trust each other enough to agree to one company operating this database. They can agree to a certifier, but it’s not the certifier’s role to certify devices and host the infrastructure to automate a device is certified during adoption by a customer. So the big companies built that infrastructure using a blockchain and made it easy for the certifier (account authenticated out-of-band when created) to post certification results. 67% of the companies verify the certifier’s identity on the chain matches who they previously authenticated every time a result is posted (automated using public key cryptography). Only then are the results authorized to be published. Since the data is tamper proof, everyone trusts those published results.

    • cogman@lemmy.world
      ↑ 4 · 1 year ago

      This is a hammer in search of a nail.

      The way this currently works is certifiers publish lists of what they certify. No block chain needed and if a certifier becomes untrustworthy, you can start ignoring what they say.

      Rather than making a pachinko machine of keys, trust, and computational waste, you can simply ask certifiers you care about “is XYZ certified”.

      There’s little value in making certifications immutable.

      See UL certification.

      • sloppy_diffuser@sh.itjust.works
        ↑ 1 · 1 year ago

        Lemmy analogy might be a better example if it was on a blockchain. It’s like if we all started putting PGP signatures at the end of our posts, only it’s baked into the protocol. That way, as messages traverse the fediverse, they cannot be altered without detection.

        Certificate publishers can post on ANY instance and consumers can read those results also on ANY instance, similar to Lemmy. If we didn’t see value in a common UX we would all go back to old school forums. Likewise, if we didn’t see value in federating, we would be on some centralized platform.

        If an account claiming to be Elon Musk said they were going to do an AMA, we won’t believe it without additional proof he is controlling the private key of the account that made the claim.

        The open ledger (immutable messages) is the big distinguisher. It’s like having archive.org or users taking screenshots of a public figure’s message before they delete it, but baked into the protocol for every message. Probably not a great social media feature, but for business transactions over a federated distribution channel, it’s nice to have.

        Not all blockchains require mining and create computational waste. See tendermint/cosmos, the one the Matter DCL uses.

        • cogman@lemmy.world
          ↑ 2 · 1 year ago

          These are a lot of steps for what we already have that already does this, the internet. In a decentralized fashion no less.

          TLS certificates are in fact proof that “this data came from a trusted webmaster.” Every communication is secured such that you can’t have a third party tamper with legitimate messages.

          Certainly this doesn’t prevent a website from changing messages (as you point out, archive.org solves that problem). For the most part, that’s not really a negative. Things change and sometimes the old information needs to be corrected.

          The internet goes a step further, though, because we have a set of trusted certificate managers we can know for sure that the signed cert we get from “google.com” is actually from the owners of google.com. An issue with the block chain is there are no trusted 3rd parties saying for sure “this signature came from X”. So how can you tell that the public key you are looking at is actually Musk’s and not someone else’s? What about the case of Musk losing his key (which, hilariously, happened with the Q poster on 4chan). You end up needing to rely on some out of chain communication to re-establish the new set of facts and to (importantly) invalidate future communications in the case that the old key is actually compromised.

          All these problems are solved with TLS.

          Certificate publishers aren’t having problems getting their certificates out there or letting the general public know about them. Go to ul.com and you too can see what UL has certified.

          The only benefit I’m seeing is you can see that UL revokes a cert for some reason. But that’s generally not something you care about. When looking for certification you want to know “what is the current certification status of this”. Nothing more.

          • sloppy_diffuser@sh.itjust.works
            ↑ 1 · 1 year ago

            Blockchains I fully agree don’t deal with trusting a public key. Something out-of-band is needed if you need to trust the author of a claim and not just that the claim is consistent. Consistency is where I see a block chain adds value.

            Let’s look at Matter which is operated by a coalition of companies (Connectivity Standards Alliance or CSA).

            What if the CSA wants many certifiers and not just ul.com?

            What if the CSA wants a single datastore of those results? Maybe ul.com stops certification for Matter devices and no longer wants to maintain infrastructure for the CSA. The CSA then needs a cache of past certifications some place then.

            What if CSA members don’t trust any one company in the coalition to host that federated datastore? For example, Apple fears if Google hosted they will introduce random faults when queried to cause a poor user experience when checking an Apple product. Nobody is neutral enough that everyone can agree on one company to host. Since this is an international standard, it could be the US and China won’t agree on a host. Point is, nobody trusts anyone to consistently report the same thing.

            They don’t even trust an outside entity like ul.com to provide consistent reports.

            Once it’s been said on a blockchain, it cannot be unsaid. It would take 2/3 of the coalition to agree to a false result to screw over the other 1/3.

            Important decisions like votes on what accounts/wallets on the chain can post certification results also require a 2/3 majority that can be audited on the ledger. Trust of those accounts is established off the blockchain.

            If a certifier doesn’t want to certify a device, a blockchain won’t solve that. It solves the trust problem that results will be consistent during the millions of requests for a certification result. My bank has a trusted certificate as a trusted web master. Doesn’t mean they won’t give me different loan options based on location/browser/any other metadata they can get. That is their right to not give consistent results. That doesn’t mean there are not any use cases for it.

    • vrighter@discuss.tchncs.de
      ↑ 4 · 1 year ago

      You already can’t modify my copy of a document digitally signed by you, which I can use to detect/prove that you have attempted to change your copy (because only you can use your private key)

      And we already know that blockchains do not solve the root of trust issue. Why would I suspect data if you tell me said data, but trust that exact same data if you put it in a blockchain and I read it from there? I’m not worried about you changing the words. I’m worried about your words being bullshit in the first place and not being able to have that rectified. Any solution to that involves me trusting some central authority to be able to make those changes, which defeats the purpose completely.

      so what’s the value add here?

      • sloppy_diffuser@sh.itjust.works
        ↑ 1 · edited · 1 year ago

        Tamper proof federated distribution. That’s it now that I’ve had a couple days to think on it. Why use Lemmy when Reddit or even old school forums exist? We (as a generalization) are here because we see value in accessing many forums under one UX and we do not trust Reddit as a centralized distributor.

        If some user here started posting they were a famous person, we wouldn’t trust that without some additional verification. Same with blockchain accounts/wallets.

        Blockchains provide one possible mechanism that prevents any Lemmy instance from falsely distributing ActivityPub messages from a user that did not author them. False messages can be checked they didn’t come from that user since they were not signed with their private key. The rest of the federated distributors would detect the forgery and drop the message.

        Sure we could all sign our messages with a PGP key. Blockchains just bake this feature into the distribution.

        The last feature, which may or may not be desirable, is that these tamper proof federated distribution channels have a full audit log.

        • vrighter@discuss.tchncs.de
          ↑ 1 · edited · 1 year ago

          you don’t need blockchain for it to be baked into the distribution. you just need to implement it. You even said how yourself.

          The only thing a distributed blockchain would achieve would be that now, every instance needs a full copy of everything on every instance, instead of only the stuff its users are subscribed to.

          your proposal also assumes that instances post untainted data in the first place. You seem so focused on verifying who said what. What we need to verify is that what is said reflects reality.

          this is not possible. it works with cryptocurrencies because there you’re just moving coins that already exist in the system. That way nobody can create coins out of thin air because you can always see where the coin was taken from. This is obviously impossible with comments. You can’t just pre-create all comments and have users distributing those among themselves.

          • sloppy_diffuser@sh.itjust.works
            ↑ 1 · 1 year ago

            Totally agree you do not need a blockchain. It’s just one class of implementations. There are others like Apache Zookeeper, or even just roll your own.

            Also really appreciate you engaging with me on the topic. I’m currently working on a federated product (business to business). Blockchains have come up (private chain), so I’m trying to convince myself it brings something to the table as a framework by arguing from the other side.

            Verifying who said what is the major concern we are trying to solve. Everyone having a copy of the data is also preferred so each business pays for their own read usage.

            Verifying who is who is pretty much solved using traditional PKI with certificates. The what is said is less of a concern so long as we know who said it. The whats in our use case are not digital assets.

            We are looking at it like a pub/sub Kafka-like framework with complete history intact that is immutable without needing to dedicate resources to rolling our own. Co-operators have something to gain by working together (long term) but can also gain by screwing each other over (short term).

            Tendermint/Cosmos has been looking pretty attractive as a private chain with ~1s commits (no mining). 67% of the nodes must agree on who signed a message and the order the messages were seen to commit it to the next block. So far it’s seeming pretty convenient for what we are looking for.
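
Added example, not part of any post in this thread and not code from Tendermint/Cosmos or the Matter DCL: a minimal sketch of the commit rule the comment above describes, where validators check who signed a message and more than two thirds must agree before it is appended to a hash-chained log. HMAC stands in for public-key signatures so that only the standard library is needed; all names, keys and payloads are constructed.

```python
import hashlib, hmac, json

# Constructed key. HMAC stands in for public-key signatures (stdlib only);
# a real chain uses asymmetric keys, so validators never hold signing keys.
AUTHOR_KEYS = {"certifier-a": b"constructed-key-a"}

def mac(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def validator_vote(known_keys, author, payload, sig):
    """Approve only if sig matches the key this validator authenticated out-of-band."""
    key = known_keys.get(author)
    return key is not None and hmac.compare_digest(mac(key, payload), sig)

def block_hash(prev, author, payload, sig):
    return hashlib.sha256(json.dumps([prev, author, payload, sig]).encode()).hexdigest()

def commit(ledger, validators, author, payload, sig):
    """Append only if strictly more than 2/3 of validators approve."""
    yes = sum(validator_vote(v, author, payload, sig) for v in validators)
    if 3 * yes <= 2 * len(validators):
        return False
    prev = ledger[-1]["hash"] if ledger else "genesis"
    ledger.append({"prev": prev, "author": author, "payload": payload,
                   "sig": sig, "hash": block_hash(prev, author, payload, sig)})
    return True

def first_bad_index(ledger):
    """Index of the first entry that breaks the hash chain, or -1 if intact."""
    prev = "genesis"
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != block_hash(prev, e["author"], e["payload"], e["sig"]):
            return i
        prev = e["hash"]
    return -1

def demo():
    validators = [dict(AUTHOR_KEYS) for _ in range(4)]
    validators[3] = {}  # this validator never authenticated the certifier
    ledger = []
    msg = "device-123: certified"  # constructed payload
    ok = commit(ledger, validators, "certifier-a", msg, mac(AUTHOR_KEYS["certifier-a"], msg))
    forged = commit(ledger, validators, "certifier-a", "device-999: certified", "00" * 32)
    ledger[0]["payload"] = "device-123: revoked"  # one host rewrites its copy
    return ok, forged, first_bad_index(ledger)

if __name__ == "__main__":
    print(demo())
```

The checks cover who signed an entry and whether stored history was altered afterwards; nothing in the code evaluates whether the payload itself is true.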

    • JollyG@lemmy.world
      ↑ 3 · ↓ 1 · 1 year ago

      There could be a “validator” you choose that has to sign off on the blockchain the seller’s claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.

      In other words, for blockchain technology to be applied to sales validation, there needs to be a central authority who everybody trusts, that can validate transactions.