I think we had different intuitions because we considered different user populations; a kind of “typical skill fallacy” on my part.
It might be, as you say, easier to steal an average blockchain user’s private key than to successfully fake their government ID. I don’t think I know what the average blockchain user’s security is like, and whether it’s much better than the average computer user’s security, which is very poor. (Although that statement once again bakes in some assumptions about the attacker...)
Rather, I was imagining myself, and others who like me have some relevant experience. (I’ve spent a few years helping manage a private X.509 CA and associated hardware and software in a pretty paranoid environment, so perhaps my expectations are set high!) I believe that if I wanted to strongly protect a private key, because I had a lot of value invested in it, I’d be able to make it much more secure than my government ID.
The key point is that a blockchain user can invest in security proportionally to the value being guarded. Whereas IDs provide a similar level of security to everyone; one person’s ID probably isn’t orders of magnitude harder to fake than another’s. Unless they’re e.g. very famous, or very unlikely to be found where you are or doing the things you’re doing with their ID, in which case verifiers might not believe you even if you look like the photo on the ID. (Although social engineering can work wonders.)
I wasn’t talking about any blockchain use in particular, and I don’t have a strong, thought-out defense of any particular use tied to real-world entities like real estate; I haven’t investigated the subject enough. I know my way around key management; what you do with the key afterwards is your business :-)
I think we had different intuitions because we considered different user populations; a kind of “typical skill fallacy” on my part.
It might be, as you say, easier to steal an average blockchain user’s private key than to successfully fake their government ID. I don’t think I know what the average blockchain user’s security is like, and whether it’s much better than the average computer user’s security, which is very poor. (Although that statement once again bakes in some assumptions about the attacker...)
Rather, I was imagining myself, and others who like me have some relevant experience. (I’ve spent a few years helping manage a private X.509 CA and associated hardware and software in a pretty paranoid environment, so perhaps my expectations are set high!) I believe that if I wanted to strongly protect a private key, because I had a lot of value invested in it, I’d be able to make it much more secure than my government ID.
The key point is that a blockchain user can invest in security proportionally to the value being guarded. Whereas IDs provide a similar level of security to everyone; one person’s ID probably isn’t orders of magnitude harder to fake than another’s. Unless they’re e.g. very famous, or very unlikely to be found where you are or doing the things you’re doing with their ID, in which case verifiers might not believe you even if you look like the photo on the ID. (Although social engineering can work wonders.)
I wasn’t talking about any blockchain use in particular, and I don’t have a strong, thought-out defense of any particular use tied to real-world entities like real estate; I haven’t investigated the subject enough. I know my way around key management; what you do with the key afterwards is your business :-)