These are a lot of steps for what we already have that already does this, the internet. In a decentralized fashion no less.
TLS certificates are in fact proof that “this data came from a trusted webmaster.” Every communication is secured such that you can’t have a third party tamper with legitimate messages.
Certainly this doesn’t prevent a website from changing messages (as you point out, archive.org solves that problem). For the most part, that’s not really a negative. Things change and sometimes the old information needs to be corrected.
The internet goes a step further, though, because we have a set of trusted certificate managers we can know for sure that the signed cert we get from “google.com” is actually from the owners of google.com. An issue with the block chain is there are no trusted 3rd parties saying for sure “this signature came from X”. So how can you tell that the public key you are looking at is actually musk’s and not someone else’s? What about the case of musk losing his key (which, hilariously, happened with the Q poster on 4chan). You end up needing to rely on some out of chain communication to re-establish the new set of facts and to (importantly) invalidate future communications in the case that the old key is actually compromised.
All these problems are solved with TLS.
Certificate publishers aren’t having problems getting their certificates out there or letting the general public know about them. Go to ul.com and you to can see what UL has certified.
The only benefit I’m seeing is you can see that UL revokes a cert for some reason. But that’s generally not something you care about. When looking for certification you want to know “what is the current certification status of this”. Nothing more.
Blockchains I fully agree don’t deal with trusting a public key. Something out-of-band is needed if you need to trust the author of a claim and not just the claim is consistent. Concsistancy is where I see a block chain adds value.
Lets look at Matter which is operated by a coalition of companies (connectivity Standards Alliance or CSA).
What if the CSA wants many certifiers and not just ul.com?
What if the CSA wants a single datastore of those results? Maybe ul.com stops certification for Matter devices and no longer wants to maintain infrastructure for the CSA. The CSA then needs a cache of past certifications some place then.
What if CSA members don’t trust any one company in the coalition to host that federated datastore? For example, Apple fears if Google hosted they will introduce random faults when queried to cause a poor user experience when checking an Apple product. Nobody is neutral enough that everyone can agree on one company to host. Since this is an international standard, it could be the US and China won’t agree on a host. Point is, nobody trusts anyone to consistently report the same thing.
They don’t even trust an outside entity like ul.com to provide consistent reports.
Once its been said on a blockchain, it cannot be unsaid. It would take 2/3 of the coalition to agree to a false result to screw over the other 1/3.
Important decisions like votes on what accounts/wallets on the chain can post certification results also requires a 2/3 majority that can be audited on the ledger. Trust of those accounts is established off the blockchain.
If a certifier doesn’t want to certify a device, a blockchain won’t solve that. Its solves the trust problem that results will be consistent during the millions of requests for a certification result. My bank has a trusted certificate as a trusted web master. Doesn’t mean they won’t give me different loan options based on location/browser/any other meta data they can get. That is their right to not give consistent results. That doesn’t mean there are not any use cases for it.
These are a lot of steps for what we already have that already does this, the internet. In a decentralized fashion no less.
TLS certificates are in fact proof that “this data came from a trusted webmaster.” Every communication is secured such that you can’t have a third party tamper with legitimate messages.
Certainly this doesn’t prevent a website from changing messages (as you point out, archive.org solves that problem). For the most part, that’s not really a negative. Things change and sometimes the old information needs to be corrected.
The internet goes a step further, though, because we have a set of trusted certificate managers we can know for sure that the signed cert we get from “google.com” is actually from the owners of google.com. An issue with the block chain is there are no trusted 3rd parties saying for sure “this signature came from X”. So how can you tell that the public key you are looking at is actually musk’s and not someone else’s? What about the case of musk losing his key (which, hilariously, happened with the Q poster on 4chan). You end up needing to rely on some out of chain communication to re-establish the new set of facts and to (importantly) invalidate future communications in the case that the old key is actually compromised.
All these problems are solved with TLS.
Certificate publishers aren’t having problems getting their certificates out there or letting the general public know about them. Go to ul.com and you to can see what UL has certified.
The only benefit I’m seeing is you can see that UL revokes a cert for some reason. But that’s generally not something you care about. When looking for certification you want to know “what is the current certification status of this”. Nothing more.
Blockchains I fully agree don’t deal with trusting a public key. Something out-of-band is needed if you need to trust the author of a claim and not just the claim is consistent. Concsistancy is where I see a block chain adds value.
Lets look at Matter which is operated by a coalition of companies (connectivity Standards Alliance or CSA).
What if the CSA wants many certifiers and not just ul.com?
What if the CSA wants a single datastore of those results? Maybe ul.com stops certification for Matter devices and no longer wants to maintain infrastructure for the CSA. The CSA then needs a cache of past certifications some place then.
What if CSA members don’t trust any one company in the coalition to host that federated datastore? For example, Apple fears if Google hosted they will introduce random faults when queried to cause a poor user experience when checking an Apple product. Nobody is neutral enough that everyone can agree on one company to host. Since this is an international standard, it could be the US and China won’t agree on a host. Point is, nobody trusts anyone to consistently report the same thing.
They don’t even trust an outside entity like ul.com to provide consistent reports.
Once its been said on a blockchain, it cannot be unsaid. It would take 2/3 of the coalition to agree to a false result to screw over the other 1/3.
Important decisions like votes on what accounts/wallets on the chain can post certification results also requires a 2/3 majority that can be audited on the ledger. Trust of those accounts is established off the blockchain.
If a certifier doesn’t want to certify a device, a blockchain won’t solve that. Its solves the trust problem that results will be consistent during the millions of requests for a certification result. My bank has a trusted certificate as a trusted web master. Doesn’t mean they won’t give me different loan options based on location/browser/any other meta data they can get. That is their right to not give consistent results. That doesn’t mean there are not any use cases for it.