Kind of, but the requirements on such a system are far stricter than what we get (and expect) from certificate authorities. For example, the CA system doesn't fail in its goals if I publish (no matter if accidentally or incidentally) the private key for *.mydomain.com; but the proposed image verification scheme does become useless if one of the many manufacturers does that; the CA system doesn't fail just because CAs will issue a certificate to phishing sites run by some criminal, but the proposed image verification scheme does become useless if some manufacturers will issue a "camera" certificate that can be extracted and used in some criminal's Photoshop workstation instead of a real camera.
For web CA's to work, all you need is that the single certificate for the site you're choosing to visit is good - but if you want to use a similar system to verify trustworthiness of viral images originating from strangers through social media, you need 100% of the camera certificates to be valid - if there are any leaked certificates, then manufacturers of fake images will use those; and on the other hand if you "revoke" everything from any compromised manufacturer, people won't just replace their cameras, they'll simply keep posting data with their valid-but-invalid certificates and you'll either have to automatically mistrust lots of genuine true content or be vulnerable to fake data, and most people will choose the latter.
PeterisP|2 years ago
For web CA's to work, all you need is that the single certificate for the site you're choosing to visit is good - but if you want to use a similar system to verify trustworthiness of viral images originating from strangers through social media, you need 100% of the camera certificates to be valid - if there are any leaked certificates, then manufacturers of fake images will use those; and on the other hand if you "revoke" everything from any compromised manufacturer, people won't just replace their cameras, they'll simply keep posting data with their valid-but-invalid certificates and you'll either have to automatically mistrust lots of genuine true content or be vulnerable to fake data, and most people will choose the latter.