Re: [PROPOSED WORK ITEM] Verifiable Issuers and Verifiers

On Fri, Dec 16, 2022 at 2:54 PM Steve Capell <> wrote:

> The thing that worries me in reading your proposal is the use of words
> like “list of trusted issuers”.  We will be addressing this problem not
> with lists but with chained credentials where the verifier follows the
> chain until it reaches a trust anchor that they can trust.  That’s because
> the lists are too big and fast changing and are themselves sensitive.

My concerns about trust registries are similar, and I've written about them
recently in a blog post "Progressive Trust: A New Approach to Building
Trust in Decentralized Systems" at

Trust registries may not be able to capture the dynamics of trust-building
over time, which can be vital to building trust in complex or evolving
systems. Further, trust registries can become outdated or irrelevant as
requirements and details change for each party, resulting in gaps that make
it difficult to determine the authenticity and reliability of new data with
a privacy-breaking “phone home.”

Another important problem is that, to date, trust registries do not treat
the risks of all parties equally, or focus on mitigating the risks of those
parties with more power to influence the registry, or create a dependence
that is likely to be an expensive barrier to entry or only benefits the few.

Even with highly-distributed trust registries, the costs to maintain them
may be high enough that only the biggest orgs can offer them, leaving
smaller organizations' requirements behind. Look at a current example: it
currently requires a Google-class infrastructure to maintain the current
DNS Certificate Transparency lists. There have been proposals to make it
more distributed and less burdensome, but Google is not incentivized to do

I'd love to find an architecture where every party's "trust filters" are
easily adaptable and also easily decentralized (not just distributed). But
even with solutions for those first two problems, we still have some
additional challenges to address, such as the risk surface of peers sharing
trust registries, inadvertent "first mover" advantages of one party's trust
anchors overwhelming others because they published first, etc.

P.S. I'm not arguing that this work should move forward as a CCG work item,
it should — +1!  I'd just like this group to also address these challenges,
even if only to document them as some type of "long-term requirement."

-- Christopher Allen

Received on Saturday, 17 December 2022 00:48:25 UTC