(no title)
justanorherhack | 2 years ago
This doesn’t work for the internet because anyone can access the target from anywhere.
We already do this to a degree with trusted CA centralization and there are recorded incidents (pretty frequently) of major breaches and state actors posing as various entities.
The stakes are also different; stealing a car is hard to do when it has physical security and has physical consequences. It’s also not worth a whole lot after because it’s hot. Stealing somebody’s identity is worth a whole lot more, is hard, if even possible, to recover from, and can be done remotely from anywhere.
I think centralization around brokers is a terrible idea. Look at Equifax: the audit afterward revealed it was only a matter of time before somebody utilized the multiple gaping, completely negligent holes they had. The resulting fine for leaking every man, woman, and child’s SSN, birthdate, address, and driver’s license was the equivalent of a few dollars to them.
pjkundert | 2 years ago
For some, you might allow "what you know" security (i.e., the agent knows your private key).
For others, you might demand "what you know + what you have" security (i.e., the agent knows your private key and has provable access to your device). I used various proof of knowledge constructs, such as the ability to read "Private" Holochain entry data (that only exist on-device, and not in the DHT), and demonstrate this by providing the hash or PKI signature of the private data (which is published to the DHT, in an entry provably before the private data being proven was written). There are other ways.
For yet others, you might want that, plus "who you know" security, in which case we do all of the above, and ask some previously defined Agents to also sign the transaction before it is allowed to be written to the Agent's source-chain.
So, the requirements for logical, physical or relational levels of security are available to Holochain / Holo hApps. This is higher security than is available for physical devices like cars, and is even better than that provided by devices like Apple iPhone and Watch -- because you retain control over releasing the lock (if you forget your password and lose access to your email address, your Apple device is locked, forever).