My takeaway is that this is a variation of an insurance business - you have to sell people on needing protection for times when sh#t hits the fan. It's an unpleasant topic and very few would ever want to concern themselves with it, at least voluntarily. So making something like VirtualNotary work is pretty much exclusively a sales and distribution problem. The technical side is easy.
Very interesting autopsy. But there are many uses for a virtual notary besides those times when "sh#t hits the fan."
Open source distributions, for instance, are currently distributed along with a hash, supposedly for protection, but we all know that those hashes are essentially worthless. This is a way to get integrity protection for free.
Employment status is another case where an independent certificate that you were employed at that instant would be valuable for the recipient.
Raffles and so forth are entirely untrustworthy at the moment; participants need to trust the reputation of the raffle holder, and while there are some laws, they are just not enforced.
In all these cases, VN can provide a useful service far before anything hits the fan. CertTime looks like it was a great attempt at a very specific instance of the problem. Virtual Notary is attempting to tackle a more general version of the attestation problem, so I'm hoping that there are more savvy users to draw on.
We've been running the service for many months now, and it costs 0.005 BTC per day, which is a small price to pay for a useful service. Just curious about what caused you to shut the service down.
Any plans to open-source the implementation (minus secret keys and other sensitive credentials, of course), so others can set up their own virtual notaries, to defend against a single point of failure?
A git factoid plugin is a great idea. What exactly is the attestation that you have in mind? You provide the name of a repo plus a tag, and the VN issues a certificate of the hash?
Something along those lines. The Linux kernel maintainers do a great job tagging releases and ensuring that they are signed appropriately. Others are less careful, and it'd be useful to know that the content you saw tagged as 0.5.9 a month ago is the same as what you see today. Git allows you to check this, but only if you keep your repository around.
I can see uses extending beyond tags, where people wish to claim that code existed at a particular point in time. It's possible to fake the git metadata and push the faked commit. If your notary can say that a particular commit was public, you raise the bar from changing the system clock to inventing time travel (or hacking the notary, whichever is your cup of tea).
My takeaway is that this is a variation of an insurance business - you have to sell people on needing protection for times when sh#t hits the fan. It's an unpleasant topic and very few would ever want to concern themselves with it, at least voluntarily. So making something like VirtualNotary work is pretty much exclusively a sales and distribution problem. The technical side is easy.