1. 8
    1. 13

      To recall an analogy from object-capability theory, both a water balloon and a sponge hold water. When either a water balloon or a sponge is stabbed, the integrity of the system is compromised and water leaks out. However, for a water balloon, the stabbing fatally breaches the surface of the balloon and ruptures it, resulting in catastrophic total failure; in contrast, because the sponge has internal structure, the stabbing has almost no effect other than locally around the edges of the knife.

      When we consider identity, the first thing to remember is that we have already made an epistemic mistake. Quoting from Chip Morningstar’s article, “What Are Capabilities?”:

      If you’re like most people, the first thing you’re likely to think of is to ask the requestor “who are you?” The fundamental insight of the capabilities paradigm is to recognize that this question is the first step on the road to perdition.

      Understandably, you instead recommend some sort of prismatic identity, where a single person is correlated to many different accounts. But why have accounts at all? One of the major lessons of capability theory is that it does not matter who invokes a capability; the possession of the capability is the authorization required to invoke it. With emphasis added, I’m going to rephrase a couple of your central conclusions:

      If this proof verification is done for several accounts on different platforms, it is beyond reasonable doubt that the same person has access to the keys of said accounts.

      Only you, the holder of the keypair, can add new proofs.

      You are the author of your proofs and your online identity.

      The emphasis that you place on ownership and personhood is understandable but incongruent with the actual maths. Cryptographic key material is not unforgeable, merely unguessable.

      Edit: I am poor at spelling.

      1. 2

        I couldn’t agree more. After working on key-based identity for a few years with Scuttlebutt I’m very optimistic that ‘accounts’ aren’t the future.