Yeah, that's a super good point. It could end up going that direction. I would hope that issuers would be kept accountable by the people trusting them, and get bad reviews if they didn't do their job, like anything else. That would allow for a decentralized system without a deep and brittle hierarchy like with CAs.
One problem with root CAs is probably that they're baked in to the OS/Browser at a low level, and need to be trustworthy for every request, rather than being a bootstrapping mechanism. The moment a root CA gets compromised everyone using a certificate downstream is in trouble. The same would be true of a WoT bootstrapping service, but the duration the certificate needs to be valid would be days or weeks, not years (taking renewals into account).
hodlbod /
npub1jl…jynqn
2024-09-06 23:31:07
in reply to nevent1q…xtz6
Author Public Key
npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqnPublished at
2024-09-06 23:31:07Event JSON
{
"id": "4e79f3725b2e4945998fb257d122e44cf1ac122d64884d19918424b9c971bb48",
"pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"created_at": 1725665467,
"kind": 1,
"tags": [
[
"p",
"c1e9ab3a56a2ab6ca4bebf44ea64b2fda40ac6311e886ba86b4652169cb56b43",
"wss://christpill.nostr1.com/",
"Brunswick"
],
[
"e",
"0b64e9350beebe2952d8f9d5568dfab8dc882d504a388560f83ec2c267bdaffb",
"wss://hodlbod.coracle.tools/",
"root"
],
[
"e",
"0cb8decf223c2804e8a9ac3642d3856292d992d65c046acdb2911beca96ee2da",
"",
"mention"
],
[
"e",
"03938c9fe3bd74cbb8a9b2c7ffc6a4e7094152649e8e6872f1252167d51323b7",
"wss://frens.utxo.one/",
"reply",
"c1e9ab3a56a2ab6ca4bebf44ea64b2fda40ac6311e886ba86b4652169cb56b43"
],
[
"client",
"Coracle",
"31990:97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322:1685968093690"
]
],
"content": "Yeah, that's a super good point. It could end up going that direction. I would hope that issuers would be kept accountable by the people trusting them, and get bad reviews if they didn't do their job, like anything else. That would allow for a decentralized system without a deep and brittle hierarchy like with CAs.\n\nOne problem with root CAs is probably that they're baked in to the OS/Browser at a low level, and need to be trustworthy for every request, rather than being a bootstrapping mechanism. The moment a root CA gets compromised everyone using a certificate downstream is in trouble. The same would be true of a WoT bootstrapping service, but the duration the certificate needs to be valid would be days or weeks, not years (taking renewals into account).",
"sig": "1ca6b2c1683f9225eb9c08984ccd97d57a68ff7bd6362a6cb428ae8ab226b473a88c6a125b0cd96880ce92501a64bb6e96febe54588b0a58dfabfcad98dd587e"
}