Remix clone Hacker News

new | show | ask | jobs Github

▲

whall6 5 days ago

How are the certificates issued?

▲

Edmond 5 days ago | parent [-]

https://certisfy.com/partnership/

Any number of entities can be certificate issuers, as long as they can be deemed sufficiently trustworthy. Schools, places of worship, police, notary, employers...they can all play the role of trust anchor.

▲

arctek 5 days ago | parent | next [-]

This just moves the issue elsewhere though. I do agree that adding an extra step of having to notarize documents will filter many people.

But outside of this if someone is determined they can issue fake documents at this level of provenance.

Drivers licenses for example you can buy the printing machine and blanks (illegally) so you actually need to check the registrar in that location.

▲

blibble 5 days ago | parent | prev [-]

interesting idea...

how do you handle revocation when people inevitably start certifying false information?

▲

Edmond 5 days ago | parent [-]

The app allows for self-revocation using the private key or a revocation code given when cert is issued, this is useful if a certificate is compromised...there is also an admin interface a trust anchor can use to revoke certificates they issue, a rogue trust anchor chain can also be revoked.

▲

blibble 5 days ago | parent | next [-]

how does rogue anchor revocation in practice?

say if an anchor has issued tens of thousands of legitimate ids, and also ten to career fraudsters who gave them $10000 each

as you've outsourced the trust you have no idea which are legitimate, and if you revoke the lot you're going to have a lot of refunds to issue

(ultimately this is why countries only allow people who can be banned from their profession to certify documents)

▲

Edmond 5 days ago | parent [-]

Each trust anchor gets issued a single certificate that can have delegation ability, ie the ability to issue new trust anchor certs to others.

So if say a UPS store is issued a cert and they go rogue, we can just revoke the trust anchor cert that was issued to the store, all certs issued further down are also automatically revoked...the revocation check is done either in the app or in the case of a third-party performing the verification they will recognize that there is a cert on the issuing chain that is revoked and reject the cert.

This is how TLS certs are handled too, if a CA goes rogue, all certs issued by that CA are revoked once the CA's root cert is revoked.

As for refund issues, that's a problem for the cert issuer to deal with.

	▲	blibble 5 days ago \| parent \| next [-]
		> As for refund issues, that's a problem for the cert issuer to deal with. no, it's your problem, as it's your brand slapped over everything, and now you've got tens of thousands of innocent people angry that you've revoked the IDs they paid for in good faith this would translate into lawsuits, against you
	▲	whall6 5 days ago \| parent \| prev [-]
		When you say that “we” can revoke, I assume you are talking about your company - the app. What sort of resources would be required to constantly audit the potentially thousands or hundreds of thousands of certificate issuers on your platform?

▲

whall6 5 days ago | parent | prev [-]

Who is the entity that has the ability to revoke the certificate?