Hello, João @joaosantos, it is so nice of you. I really appreciate the useful information you provide. The same to you: I'm also a computer science student and am working on Blockcerts for my MSc thesis; I hope we can be good friends. More specifically, about my topic: I am trying to solve the public key security problems in the Blockcerts project.
As shown above, we use ECDSA to ensure the certificate's authenticity. Imagine a situation in which the signer's private key is compromised: anyone who owns the private key can issue "genuine" certificates arbitrarily. Even if the issuer found out and changed the private key immediately, that is useful for future certificates but not for the previous certificates signed by the old private key. My current solution is as follows.
The issuer publishes its PGP fingerprint and a timestamp (fixed-format data) to a public board (their official website, IPFS, or another distributed medium); the verification client needs to check the public key (fingerprint) and timestamp first to verify the public key's availability. Even if the ECDSA private key is compromised in the future, the previous certificates still work due to the transparent expiration date.
When checking the authenticity of the certificate, two factors are considered: the ECDSA scheme (proof that the issuer's public key corresponding to the signature is reasonable) and the transaction address authenticity (proof that the transaction was indeed broadcast by the issuer). Since the address private key and the ECDSA scheme private key are totally different, it is harder for the attacker to forge the certificate.
Maybe the solution is naive and inaccurate. Since I am a novice learner in the trust and identity field, I sincerely hope you two @kim @joaosantos or other people can give me some advice.
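The two-factor check described in the post above, as an added example (not code from the Blockcerts project or from anyone in this thread). It implements a small textbook ECDSA over secp256k1 in pure Python, then a verifier that runs the three checks in order: is the signing key inside the validity window the issuer published, does the ECDSA signature verify, and was the anchoring transaction sent from the issuer's address. Everything about the data layout is an assumption made for the example: the `KeyRecord` "board" entry (fingerprint, valid_from, revoked_at), the `Certificate` fields, a fingerprint defined as SHA-256 of the raw public point, the issuer address modelled as a plain string, and the `anchored_at` value taken to be the block time of the anchoring transaction rather than a timestamp written into the certificate by the signer. The `demo()` scenario and its certificates are constructed, not real Blockcerts data.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

# secp256k1 parameters (the curve used by Bitcoin, which Blockcerts anchors to)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):  # affine point addition/doubling; None is the point at infinity
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication (not constant time: demo only)
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def _z(msg):  # message hash reduced into the scalar field
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg):
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (_z(msg) + r * d) % N
        if r and s: return r, s

def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    pt = _add(_mul(_z(msg) * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def fingerprint(pub):  # assumed fingerprint format: SHA-256 of the raw point
    return hashlib.sha256(pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")).hexdigest()

@dataclass
class KeyRecord:  # one entry on the issuer's public board (hypothetical format)
    fingerprint: str
    valid_from: int            # unix time the key came into use
    revoked_at: Optional[int]  # unix time it was retired/compromised; None = still live

@dataclass
class Certificate:  # the fields the verifier needs (hypothetical layout)
    payload: bytes
    key_fingerprint: str       # which issuer key signed it
    signature: tuple
    anchored_at: int           # block time of the anchoring transaction
    tx_sender: str             # address that broadcast that transaction

def verify_certificate(cert, board, pubkeys, issuer_address):
    """Returns (ok, reason). Order: key validity window, ECDSA, then tx address."""
    rec = next((r for r in board if r.fingerprint == cert.key_fingerprint), None)
    if rec is None:
        return False, "signing key not on issuer's board"
    if cert.anchored_at < rec.valid_from:
        return False, "anchored before key became valid"
    if rec.revoked_at is not None and cert.anchored_at >= rec.revoked_at:
        return False, "anchored after key was revoked"
    if not verify(pubkeys[cert.key_fingerprint], cert.payload, cert.signature):
        return False, "ECDSA signature does not verify"
    if cert.tx_sender != issuer_address:
        return False, "anchoring transaction not sent from issuer address"
    return True, "ok"

def demo():
    """Constructed scenario: the old key leaks at time T and is rotated; check five certs."""
    T = 1_700_000_000
    d_old, pub_old = keygen()
    d_new, pub_new = keygen()
    issuer_addr = "1IssuerAddr"  # constructed stand-in for the issuer's chain address
    board = [KeyRecord(fingerprint(pub_old), T - 10_000_000, T),
             KeyRecord(fingerprint(pub_new), T, None)]
    pubkeys = {fingerprint(pub_old): pub_old, fingerprint(pub_new): pub_new}
    payload = b'{"recipient":"alice","degree":"MSc"}'
    old_sig, new_sig = sign(d_old, payload), sign(d_new, payload)
    cases = {
        "issued_before_leak": Certificate(payload, fingerprint(pub_old), old_sig, T - 1, issuer_addr),
        "forged_after_leak":  Certificate(payload, fingerprint(pub_old), old_sig, T + 1, issuer_addr),
        "new_key_ok":         Certificate(payload, fingerprint(pub_new), new_sig, T + 1, issuer_addr),
        "wrong_tx_sender":    Certificate(payload, fingerprint(pub_new), new_sig, T + 1, "1Attacker"),
        "tampered":           Certificate(payload + b"!", fingerprint(pub_new), new_sig, T + 1, issuer_addr),
    }
    return {name: verify_certificate(c, board, pubkeys, issuer_addr) for name, c in cases.items()}
```

In this example the validity window is compared against the block time of the anchoring transaction, not against a date inside the certificate: someone holding the leaked key can write any date they like into the certificate body, but they cannot back-date a confirmation on the chain. The `pubkeys` map is passed in separately only to keep the example short; in practice the full public key would be fetched from the same published record the fingerprint comes from.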