Are we self-sovereign PKI yet?
a day ago
- #public key infrastructure
- #decentralized identity
- #end-to-end encryption
- Signal and other messaging apps use end-to-end encryption, but users rarely verify safety numbers or contact keys, making trust dependent on platform honesty.
- Existing identity systems (email, usernames, PKI) rely on custodial layers—providers, registrars, CAs—which can be compromised or coerced, breaking trust assumptions.
- Spaces introduces a non-custodial identity system where names (like grace@key) resolve to public keys via a Merkle trie committed to Bitcoin, eliminating central trust points.
- The trust anchor in Spaces is a 32-byte hash verifiable by users, with plans for a zero-knowledge certificate to simplify verification without ongoing sync or secret keys.
- Challenges include key rotation/loss, reliance on Bitcoin's proof-of-work, slow issuance via auctions, adoption by existing apps, and the social aspects of identity verification.