by hedora 785 days ago
Identification based on a Certificate Authority is fundamentally centralized.

The CA is a single point of failure that can arbitrarily issue or fail to issue an identity certificate.

If you use lots of interchangeable CAs, then it “fails open”, in that any one CA can issue certificates for everyone. That’s still a single point of failure.

If you tie the ID to the Certificate Authority (e.g. gmail offers certs for gmail addresses), each person still is impacted by some single point of failure.

I’d say all these schemes are centralized.

I’d call the things you describe “offline identity verification”, though there is an additional nuance: the scheme could work offline, but still send a log of what happens when it reconnects. With that, the privacy properties are as bad as online schemes.
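The "fails open" point about interchangeable CAs and the narrower blast radius of tying an ID to one CA can be made concrete with a small model. The code below is an added illustration, not something from the comment above or from any real PKI: each toy CA signs subject bindings with an HMAC key standing in for a private key, `verify_any_ca` models a trust store where any root may sign for anyone, and `verify_namespace_bound` models the gmail-style scheme where only the CA responsible for the subject's domain is accepted. The CA names, namespaces and subjects are constructed sample values.

```python
import hashlib
import hmac


class ToyCA:
    """Toy certificate authority: an HMAC key stands in for the CA's signing key.

    Constructed model for illustration only; this is not a real X.509 CA.
    """

    def __init__(self, name, namespace=None):
        self.name = name
        # Namespace the CA is responsible for (e.g. "@gmail.com"); None = unrestricted.
        self.namespace = namespace
        # Constructed secret derived from the name so the example is deterministic.
        self._secret = hashlib.sha256(f"toy-secret:{name}".encode()).digest()

    def issue(self, subject):
        """Return a 'certificate' binding `subject` to this issuer."""
        sig = hmac.new(self._secret, subject.encode(), hashlib.sha256).hexdigest()
        return {"subject": subject, "issuer": self.name, "sig": sig}

    def verify(self, cert):
        """True only if this CA produced the signature on `cert`."""
        expected = hmac.new(self._secret, cert["subject"].encode(), hashlib.sha256).hexdigest()
        return cert["issuer"] == self.name and hmac.compare_digest(expected, cert["sig"])


def verify_any_ca(cert, trust_store):
    """Interchangeable-CA model: accept if *any* trusted CA signed the cert.

    This is the 'fails open' property: every CA in the store can vouch for every subject.
    """
    return any(ca.verify(cert) for ca in trust_store)


def verify_namespace_bound(cert, trust_store):
    """Namespace-bound model: only the CA that owns the subject's domain may sign.

    A CA signing outside its namespace is rejected, so compromise of one CA
    affects only the identities under its own namespace.
    """
    for ca in trust_store:
        if ca.namespace and cert["subject"].endswith(ca.namespace):
            return ca.verify(cert)
    return False  # no responsible CA in the store


def blast_radius(trust_store, verifier, subjects):
    """For each CA, count how many of `subjects` it can mint an accepted cert for.

    A count equal to len(subjects) means that CA is a single point of failure
    for everyone under the given verification rule.
    """
    return {
        ca.name: sum(verifier(ca.issue(s), trust_store) for s in subjects)
        for ca in trust_store
    }


# Constructed sample trust store and identities.
TRUST_STORE = [ToyCA("GmailCA", "@gmail.com"), ToyCA("ExampleOrgCA", "@example.org")]
SUBJECTS = ["alice@gmail.com", "bob@example.org", "carol@gmail.com"]


def compare_models():
    """Return the blast radius of each CA under both verification rules."""
    return {
        "any_ca": blast_radius(TRUST_STORE, verify_any_ca, SUBJECTS),
        "namespace_bound": blast_radius(TRUST_STORE, verify_namespace_bound, SUBJECTS),
    }


if __name__ == "__main__":
    for model, radius in compare_models().items():
        print(model, radius)
    # A CA that is not in the trust store is rejected under both rules.
    rogue = ToyCA("RogueCA").issue("alice@gmail.com")
    print("rogue accepted (any):", verify_any_ca(rogue, TRUST_STORE))
    print("rogue accepted (namespace):", verify_namespace_bound(rogue, TRUST_STORE))
```

Under the interchangeable rule every CA in the store can produce an accepted certificate for all three subjects, which is the single point of failure the comment describes; under the namespace-bound rule each CA can only mint certificates for the identities it already controls, so the failure is still centralized per user but no longer global.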