|
|
|
|
|
|
by gatorcode
1651 days ago
|
|
|
I’ve always been interested but confused by these concepts mostly trying to understand people’s intent. On many websites with logins we create our identity, but have to “validate” it against an email one time token. Me claiming I’m someone famous on most websites is, mostly innocent, and mostly not trusted. However, how do we verify real world identity to key pair? By some centralized authority we have trusted to “validate” said identity, aka public key infrastructure. So, at best case we have some proof that our key is created/controlled by “me” via a trusted channel but not a centralized authority. Do I upload a video of me showing my public key to the world and upload to some hosting site? Could a deep fake me do that too? Then of course the gpg web of trust model comes to mind, if we attend key signing parties and sign each other’s keys we can verify through associative trust vs centralized trust. Or is really the point to not have a real world to key identity linkage at all, for “privacy reasons,” and we just all do our business online with full anonymity? |
|
|