Issuer Certification

How anybody get assured that the issuer is who it claim to be?

That is to say, when MIT issued a certificate how do I know that the issuer is the actual MIT registrar?

The Blockcerts codebase allows any issuer or recipient to make cryptographically strong claims: if either party owns a certificate’s issued-by or issued-to address, then they can also sign a statement with their corresponding private key. Only the owner of the corresponding private key can do this.

In the case of MIT, their public keys are well known, so imposters are easy to identify.

In short, Blockcerts does not currently attempt to solve the problem of issuer identity directly. But this can be addressed in a number of ways. For instance, Blockcerts could by used by accreditation authorities to certify certain issuers, and those issuers could be listed in a public registry.

This will evolve as Blockcerts expands into Decentralized Identifiers, which more directly account for the issuer identity.