A "Private Blockchain" used to store pgp public keys of email addresses? Seriously wtf is wrong with you Proton??!

https://proton.me/support/key-transparency

1) Why a "private blockchain"? Why not just a database that you run on your servers?

2) Why are you reinventing pgp keyservers with absolutely no upside?


Discussion

Management who don't understand the basics of an immutable data structure should really stop funding dumb block chain projects. Billions in capital was wasted during the web 3 craze.

So many startups trying to use single node block chains as slow Postgres instances.

Then called their slow ass database with extra steps web scale.

Makes me seriously doubt their technical competence on anything else tbh

I was interviewing with a block chain startup. Because they were using a Golang Postgres stack. What I usually code in.

I asked everyone who interviewed me how they planned to generate revenue with their "smart contraccs".

Not a single developer could give me a straight answer.

They had hundreds of millions in funding.

No real plan to make money.

And I'm sure they never did.

This is a transversal issue in today's VC world. Most startups have absolutely no plan on how to monetize, they are just winging it. Cheap money enables this.

It's so weird to me. I'm not interested in a startup that will just lay me off in two years with a bunch of worthless stock. The whole point of going to a startup is company equity.

Errrr. What?! 👀

I haven't read this anywhere else, I'm baffled how no one is picking this up. Absolutely mental

I think they think this is how to cryptographically sign the binding between email address and pgp key, without needing a trusted central signing authority. That is my guess.

Aren't they the central authority given that they run their own private blockchain?

One could argue that the commitment log would be auditable in theory, but in practice, who would be doing it?

Whilst the idea of a 'private' blockchain is *almost* ridiculous, and a non-sequitur, it isn't quite; Google introduced Certificate Transparency about a decade ago, and from my limited understanding, it is a pretty useful construct, as it allows key revocations/updates to be propagated much more efficiently.

You don't have to call it a 'blockchain' but it's a very similar design/protocol.

As CT descriptions make clear (see certificate.transparency.dev), there should be some element of distributedness, though, for that construct to have value. I don't know if or how that applies to protonmail. Without that, you can still have non-repudiable update and public transparency, but it's harder to see much value. A bit tricky.

Thanks for the insight!

If it's a publicly auditable centralized database, I see the value in it, although limited.

Without 3rd parties auditing changes, does it have any value in practice?

Even then, can't they just reset the whole chain at any time or roll it back? Seems pointless if that's the case

There's a little blurb on the CT website about how you can run your own nodes.

No idea how it all works in practice. I guess it's like a signet and they just never roll back?

That's the problem with every "block chain" app. There is always only one node. There is no incentive to run a node. So no one does.

It ends up being just a database with extra steps.
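
On the rollback and third-party-audit questions raised in the thread, here is an added example (not part of any comment above, and not Proton's or Certificate Transparency's own code) of the check an outside auditor can run against a CT-style append-only log: save an earlier tree head, then recompute it from whatever the operator serves later. The hashing follows RFC 6962; the entries, addresses and the `audit` helper are constructed for illustration.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962: leaves are hashed with a 0x00 prefix
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # RFC 6962: interior nodes are hashed with a 0x01 prefix
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_root(entries: list) -> bytes:
    """RFC 6962 Merkle Tree Hash over an ordered list of log entries."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(entries[0])
    k = 1
    while k * 2 < n:          # largest power of two strictly less than n
        k *= 2
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def audit(remembered: tuple, log_now: list) -> str:
    """Compare the log as served now with a (size, root) head saved earlier."""
    old_size, old_root = remembered
    if len(log_now) < old_size:
        return "rollback"      # log is shorter than what was already published
    if merkle_root(log_now[:old_size]) != old_root:
        return "rewritten"     # history under the old head was changed
    return "consistent"        # only appends since the saved head

# Constructed sample log: address-to-key bindings (hypothetical values)
LOG = [b"alice@example.org:KEY-A1",
       b"bob@example.org:KEY-B1",
       b"carol@example.org:KEY-C1"]
SAVED_HEAD = (len(LOG), merkle_root(LOG))   # what an auditor stored earlier

if __name__ == "__main__":
    print(audit(SAVED_HEAD, LOG + [b"dave@example.org:KEY-D1"]))
    print(audit(SAVED_HEAD, LOG[:2]))
    print(audit(SAVED_HEAD, [LOG[0], b"bob@example.org:KEY-EVIL", LOG[2]]))
```

The detection depends entirely on `SAVED_HEAD` being held by someone other than the log operator; with no independently retained head, a reset or rollback produces a log that is internally valid.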