It is not clear for me how the consumer (employer) can trust the issuer based only on its public key. In other words, how the consumer authenticate the issuer’s public key?
This concern is not part of the Blockcerts scope currently, but it is an important concern. Here ere are some practical ideas for the short and long term.
Issuers can publish their public keys, making them known to the community, particularly over time. Perhaps registry services will emerge that make this knowledge more convenient. In the cases of school-systems, often the issuers and verifiers interact so much, the keys will be well known.
Issuers could start issuing from a Decentralized Identity Profile (DID) like Blockstack or UPort. The more these DIDs are used, the more reliable their reputation becomes. I can imagine this reputation someday becoming part of the verification process or a separate smart-contract.
Other ideas? Please share!
This is definitely an important issue to will require a more convenient solutions long term.
Thank you so much for this clarifications.
Yes, I have a very small idea and if you want we can first, discuss it in private.
If there are no sensitive content, please post it here so that blockchain enthusiasts like me can get exposure to these suggestions and maybe improve ourselves, in a broader sense.
Ultimately Decentralized Identifiers (DIDs) being developed by the W3C will help to better answer the question of “who” is behind the credential. Until then, other strategies can be employed, particularly on the issuer side. At Learning Machine, we developed a product to easily design/issue Blockcerts. Part of this product comes with a public key registry of certified issuing institutions, along with a public registry of those institutions.
For example, the Republic of Malta uses the Learning Machine Issuing System and has many issuing institutions. Check out their Issuer registry here: https://education.gov.mt/en/Blockcerts/Pages/Blockcerts-Public-Key-Registry.aspx
If a verifier wants to inspect whether a credential actually came from a legitimate Maltese source, this registry provides the information (public keys, dates used) to run a deeper inspection.