
I still don't think that a blockchain is really the answer though. It's an answer to Zooko's Triangle, but it also removes an element of privacy.

Do we need global names? I just want to talk to my brother, my friend, my colleague; I don't really care about talking to people I don't know. Given that, what's wrong with identifying people as 'Billy's wife's mother'?



> it also removes an element of privacy

What are you thinking of specifically? The chain wouldn't contain any network of contacts (like GPG signatures) and only hashed information about the user.

Worst case is that a user's number of devices and public keys can be looked up.


> The chain wouldn't contain any network of contacts (like GPG signatures) and only hashed information about the user.

If 'hashed user information' means a function of the user's identifier (e.g. the user's email address, or some other global user ID), then privacy is lost because one could hash any user's ID and see what his public keys are; many protocols include an identifier for the sender's public key in order to guide the receiver, and vice-versa. This means that one could see what messages that user has sent or received.

If it doesn't contain some function of the user's identifier, then what would be stored exactly, and what would its utility be? If I can't consult the global blockchain asking, 'what is the key for smith@example.invalid?' then why have a global blockchain? If it's simply a record where key X says key Y is the same as key X, then key Y says no it's not, then key X says yes it is again … what's the value?

Blockchains are an amazing innovation for achieving global agreement. Because of this, they can be used to bind easy-to-remember petnames (like 'bill' or 'Bill Gates') securely, such that the entire world knows that BLOCKCHAIN('Bill Gates') is the founder of Microsoft, not his father or some random fellow. If you're not using a blockchain for global agreement, what's the point?


Yes, it's supposed to be a hash of the user's identifier.

The goal is of course being able to look up the keys of individual users based on their publicly shared identifier. This system isn't trying to hide a user's keys in any way, so I think we're simply trying to solve different things.


> Yes, it's supposed to be a hash of the user's identifier.

Which is why it's a privacy issue: given someone's public identifier, I can see what his key is and how it changes over time. I can see if he has a key, which is interesting information. As I noted, I can probably monitor traffic to find messages encrypted by or to his key.

Heck, I can pregenerate many potentially-valid identifiers (e.g. [0-9az]+@[a-z][0-9az]+\.(com|net|org|edu)) and look for them in the public blockchain, and use that to confirm whether the accounts are valid or not (this could be used to see if an email address is valid without ever sending email to it). I could use this to verify addresses before sending out spam or malware.

If I can see two identifiers who communicate with one another, I could use this to, say, send malware purportedly from one to the other via unsigned email, who is likely to trust it because it appears to be from someone he knows.

You see the issues, I hope. This kind of thing really is tough.



