The portable identity people always, inevitably forget one simple truth: the identity and the means of accessing it should be separable. I've explained to them way too many times that a public key is not a viable form of identity. They still keep insisting on using public keys as identifiers.

The fatal flaw of the use of cryptographic keys for identity is that:
- Once leaked, it can't be revoked to prevent further unauthorized access and impersonation
- Once lost, it can't be recovered and a new key pair, thus a new identity, is required

This stuff is non-negotiable really. I worked at VK, they have an entire department dedicated to restoring people's access to their accounts. People are terrible with passwords and they will be even more terrible with private keys.

@grishka @cwebber The thing about private keys is that you have to tell people:

- don't lose it ever, so make backups
- make sure nobody ever gets to see it

These two things are hard to do together, particularly for non-tech people.

@teleclimber @grishka @cwebber it's hard to do even for tech people! I'll be the first to admit that my SSH key backup solution is a fucking disaster