by xdeqx366 3179 days ago
You're basically specifying PKI, not anything to do with Blockchain.

If you truly want the timestamps to "lock in" the time of a transaction without trusting either party, a hash-commitment could be used, akin to https://opentimestamps.org/.

3 comments

A blockchain seems like a very reasonable way to provide a distributed immutable log of actions that take place within a PKI infrastructure. It even adds the ability for 3rd party auditors to participate in the system in a real-time manner.

You might even extend it, so that instead of it being PKI with a blockchain transport, to something more akin to Kerberos with a blockchain transport -- every attempt, successful or not, to access a resource could be immutably logged, and access could be granted by the targeted resource only once the authorization message has been committed to the blockchain (and therefore approved by auditors).

Cert Transparency is an effort on that front: https://www.certificate-transparency.org/faq, and it works without a blockchain.
Cert Transparency depends on our benevolent lord Google to maintain the integrity of the log. Using a blockchain pushes that trust model out such that it's distributed across multiple actors.

There's nothing wrong with CT -- it's a great step in the right direction. There's also nothing wrong with exploring distributed immutable logging.

A blockchain adds trustless governance rules and a verifiable audit trail to using just PKI alone. These are hugely valuable features of an identity management system.
A blockchain could improve on this because it leaves some trail linking actions of individuals as well as authorities together.

For instance, you can make a timestamped scan of a university degree to prove it existed on some date. However, a blockchain would allow the university itself to sign the fact that it gave the person the degree at that time. It would also show how many degrees of that sort the university are giving out, so that if they start giving them to everyone that would be noticed. It would also show that the given person only got that 1 degree at that time, and it would be hard for them to then make up a bunch of other stuff. None of these are possible with simple timestamping.