[bytelines]

Don't forget crypto's monetization of computer crime! You don't need to get that pesky data and figure out what to do with it, the processor time itself is money.

More seriously - I can't really speak to web 3 in general but as far as crypto here's an example:

https://www.ledgerinsights.com/shinhan-standard-bank-trial-s...

Another one: consider you go to a bar, and need to prove you are age of majority. Today you do this with a state issued ID, which are easily forged. What would a digital alternative look like?

You could certainly issue some sort of credential from the state, and present that credential to the bar, and the bar would validate it with the state. Now the state knows you went to the bar.

What if the state doesn't handle the validation, but provides some sort of cryptographically secure assertion to a distributed, decentralized ledger. And the bar doesn't validate your credential (your digital ID) with the state, but verifies it in the ledger.

Another one: distributed session management - https://www.pingidentity.com/content/dam/pic/downloads/resou...

Disclaimer: have worked at both Ping and Hedera

[violetthrift]

The bar example is a still a bit vexing to me, because it's the sort of problem/solution I often see brought up as an example, but I still fail to see the utility. A digital signature (e.g. PGP) already can act as a certificate of authenticity from a trusted party and all you need is their public key. Could you explain what the blockchain improves about that, or what it solves in that application that digital signatures don't already?

[bytelines]

That its difficult to do today, you need to manage your own private key infrastructure. So it becomes reserved for a few important things, like a digital ID.

What if it were easy and dirt cheap to make a provable claim about anything, in seconds, with a fraction of the infrastructure cost?

Like "I am signed into this application". Or "I have received a covid vaccine", or "i authorized this payment". Theres probably a lot more, my background is in identity so those are the ones I know.

Yes you can do those today but they all carry significant cost, and as a result there are significant moats around established players.

Just like Letterman asking "why do I need such information, have you heard of magazines?". Its true, magazines can do that. Just like PKI can do all those things.

[ahtihn]

Just load the state's public key into the verification apps, have the identity QR code be signed with the state's private key and you're done. You can now verify identities without the state ever being aware of verifications taking place.

No need for blockchain when a central authority is issuing identity documents anyway.

If you want to delegate signing authority just do something like SSL certs.

[bytelines]

Yes, exactly. And now think of all the limitations of running a PKI.

For many use cases, Crypto doesn't do things a PKI can't. It just does them without some of those limitations.

[runeks]

> It just does them without some of those limitations.

How so?

The hard problem is linking a public key to a real-world identity. A blockchain doesn’t help with this in any way.

[howderek]

Why would a ledger be necessary? Couldn't a root certificate store be used, such as today with HTTPS? Then, the bar doesn't even need to connect their verification system to the internet, other than for the occasional patch.

[bytelines]

It isn't. It just makes it cheap and easy. Its not a problem for a government agency to run a PKI, and for verifying identities they probably should.

But what about smaller entities, or even individuals. And what if they don't want to verify their identity but maybe an action.

Its not introducing anything new. It's just lowering the capital costs to doing it. Much like the internet lowered the costs to publishing and distributing an essay.

[NicoJuicy]

A passport can't easily be forged if you use it like it's supposed to ( read & verify data from the chip )

What can be manipulated is the visual representation of the passport. Since some people want to quickly verify a date. That wouldn't work with an Eid reader, that can be used offline.