[upofadown]

Your identity is going to come down knowledge of the private key from some sort of public key system. Why not just standardize that?

An excellent example of something perversely non-standardized for identities can be found in messaging. Signal, Matrix, Whatsapp and OMEMO are even supposedly based on the same protocol. In terms of identity they are all complete silos. All the things you establish about an identity on one system is completely unusable on another.

Creating systems to kludge this mess together seems to be a way of avoiding the root problem here...

[johnmarcus]

Keybase kludge's it together, and yet still, no one seems to care or use it.

[supertrope]

What happens when the private key is lost? We can either have certificate authorities issue you a new one, or you would need to approach your peers and have e.g. three of them confirm that you've changed keys.

[nanomonkey]

One could also use Shamir's Secret Sharing algorithm to have a number of your peers hold your secret key without them being able to access it. When you've lost the key, you have a subset of the peers reproduce it for you, by sharing their portion of the secret. Cryptography is pretty great.

[upofadown]

Then you have lost that particular identity and would have to start over with a new one for that particular aspect of your online life. If you lose it and can get it back somehow then it wasn't really yours in the first place.

You can have as many passphrase protected backups of your identity in as many places as you like so in practice the more likely issue would be where someone else gets access to your private key. So that means some sort of revocation contingency.

[mirimir]

Yeah, that is a huge problem. Most people just don't do well at managing keys and credentials. As much as I hate Signal's phone number requirement, I appreciate the reason for it.