Required Infra: Root and Issuing CAs

JoeJohnJohnston
3mos ago
0 Comments

Required infra: Root and Issuing CA's

There's some projects I have in the pipe at the design stage, but I require components to be cryptographically signed. As far as a trusted root and Issuing CA, why not polkadot itself?
An address is the target for a smart contract that can sign CSRs on behalf of the network.

A decentralized trusted authority.

Opengov would need to be cleaned up first because if Issuing CAs became compromised in some way, we would need to take it/them down quickly, revoke the certs, and spin up new CAs. There would be a run book for this, and humans would need to spot it and call it out for the automation to execute the tasks.

I know I talked about delegation before and people fired back that you trust the parity guys, but as stewards of a network meant to work in perpetuity one must design the delegation mechanics to include the inevitable eventuality that the stewards trusted today will one day be incapacitated or have passed on, and the next generation will need to take over from there. So this "I trust person x and Y and z right now" doesn't mean much to me, as we will need to have a way to trust new people in the future.

Up
Comments
No comments here