Edmond 5 days ago

There is a solution and I am the developer:

https://news.ycombinator.com/item?id=40298552#40298804

Talking about it or explaining it is like pulling teeth; generally just a thorough misunderstanding of the notion....even though cryptographic certificates make the modern internet possible.

whall6 5 days ago | parent | next [-]

How are the certificates issued?

Edmond 5 days ago | parent [-]

https://certisfy.com/partnership/

Any number of entities can be certificate issuers, as long as they can be deemed sufficiently trustworthy. Schools, places of worship, police, notary, employers...they can all play the role of trust anchor.

arctek 5 days ago | parent | next [-]

This just moves the issue elsewhere though. I do agree that adding an extra step of having to notarize documents will filter many people.

But outside of this if someone is determined they can issue fake documents at this level of provenance.

Drivers licenses for example you can buy the printing machine and blanks (illegally) so you actually need to check the registrar in that location.

blibble 5 days ago | parent | prev [-]

interesting idea...

how do you handle revocation when people inevitably start certifying false information?

Edmond 5 days ago | parent [-]

The app allows for self-revocation using the private key or a revocation code given when cert is issued, this is useful if a certificate is compromised...there is also an admin interface a trust anchor can use to revoke certificates they issue, a rogue trust anchor chain can also be revoked.

blibble 5 days ago | parent | next [-]

how does rogue anchor revocation work in practice?

say if an anchor has issued tens of thousands of legitimate ids, and also ten to career fraudsters who gave them $10000 each

as you've outsourced the trust you have no idea which are legitimate, and if you revoke the lot you're going to have a lot of refunds to issue

(ultimately this is why countries only allow people who can be banned from their profession to certify documents)

Edmond 5 days ago | parent [-]

Each trust anchor gets issued a single certificate that can have delegation ability, ie the ability to issue new trust anchor certs to others.

So if say a UPS store is issued a cert and they go rogue, we can just revoke the trust anchor cert that was issued to the store, all certs issued further down are also automatically revoked...the revocation check is done either in the app or in the case of a third-party performing the verification they will recognize that there is a cert on the issuing chain that is revoked and reject the cert.

This is how TLS certs are handled too, if a CA goes rogue, all certs issued by that CA are revoked once the CA's root cert is revoked.

As for refund issues, that's a problem for the cert issuer to deal with.
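The chain check described in the comment above, as an added example that is not part of the thread and is not Certisfy's code: a verifier walks the issuing chain and rejects a certificate if any ancestor is revoked, and `blast_radius` lists every certificate that stops verifying when one anchor is revoked. The data model, function names and certificate ids are all constructed for illustration, and signature verification is left out.

```python
# Added illustration, not Certisfy code. Data model and ids are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    cert_id: str
    issuer_id: Optional[str]  # None marks the root trust anchor

def build_store(certs):
    return {c.cert_id: c for c in certs}

def check_chain(store, revoked, cert_id):
    """Walk from the cert up to the root; reject if any cert on the chain is revoked."""
    seen = set()
    current = cert_id
    while current is not None:
        if current in seen:
            return (False, "issuer loop at " + current)
        seen.add(current)
        cert = store.get(current)
        if cert is None:
            return (False, "unknown cert " + current)
        if current in revoked:
            return (False, "revoked on chain: " + current)
        current = cert.issuer_id
    return (True, "ok")

def blast_radius(store, revoked_id):
    """Ids of every other cert that stops verifying once revoked_id is revoked."""
    return sorted(cid for cid in store
                  if cid != revoked_id
                  and not check_chain(store, {revoked_id}, cid)[0])

# Constructed sample: root -> store anchor -> two holders; root -> school -> one holder.
STORE = build_store([
    Cert("root", None),
    Cert("ups-store-17", "root"),
    Cert("school-a", "root"),
    Cert("holder-1", "ups-store-17"),
    Cert("holder-2", "ups-store-17"),
    Cert("holder-3", "school-a"),
])

if __name__ == "__main__":
    print(check_chain(STORE, set(), "holder-1"))
    print(check_chain(STORE, {"ups-store-17"}, "holder-1"))
    print(blast_radius(STORE, "ups-store-17"))
```

Revoking the anchor invalidates every holder beneath it without distinguishing legitimate from fraudulent ones, while certificates under other anchors keep verifying.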

blibble 5 days ago | parent | next [-]

> As for refund issues, that's a problem for the cert issuer to deal with.

no, it's your problem, as it's your brand slapped over everything, and now you've got tens of thousands of innocent people angry that you've revoked the IDs they paid for in good faith

this would translate into lawsuits, against you

whall6 5 days ago | parent | prev [-]

When you say that “we” can revoke, I assume you are talking about your company - the app. What sort of resources would be required to constantly audit the potentially thousands or hundreds of thousands of certificate issuers on your platform?

whall6 5 days ago | parent | prev [-]

Who is the entity that has the ability to revoke the certificate?

csomar 5 days ago | parent | prev [-]

I don’t get it. What is to prevent a 9 year-old from buying a certificate and using it?

Edmond 5 days ago | parent [-]

This video addresses that:

https://youtu.be/92gu4mxHmTY

All certificates are cryptographically linked to an identity-anchor certificate, meaning buying a certificate would require the seller reveal the private key tied to the identity-anchor certificate, a tall order I would argue.

In the case of stolen identity certificates, they can be revoked thus making their illegitimate utility limited.

malfist 5 days ago | parent [-]

So an older brother gives his sibling a key.

Why would your design prevent that?

hn_throwaway_99 5 days ago | parent [-]

We can still have laws, e.g. that using someone else's certificate (or knowingly giving them your certificate) would constitute fraud.

We have laws against kids buying alcohol, even though kids can (and do) try to get adults to buy them booze, but I don't think that's a good reason to say we shouldn't have laws against kids drinking.

malfist 4 days ago | parent [-]

Sure, I agree. But we're talking about a claim by GP that his cryptographic system prevents this behavior.

If it can't, it's no better than a button that says "I'm 18"