Legitimate Issuer?

We are working on our college project using the blockcert standards. We are almost there but a question arose in our minds when it came to isuuer leigitimacy. I mean how can you know that the issuer who issued the certificate is not fraud. Take for example: What if I pose as an issuer and issue a university certificate for myself?
We looked up in the forums and documentations and even tried brainstorming for a way around but couldn’t come up with a good enough solution. Does blockcert have any solution for this that we couldn’t find?
If not can somebody help us out with this?

Thank you.

I think here it’s a combination of two things. Having the issuer profile hosted on the college domain somewhere, and to have the certificates hosted on the college domain as well. If you’ve seen any sample certs on blockcerts.org, there’s a “View Record” link after verifying. That link would ideally go to somewhere on your college domain.

There might be other ways I’m not thinking about this morning, but those two are the immediate ones that come to mind.

I would agree that this will be an important challenge to overcome. The solution of hosting certificates on a domain is not robust enough.

Perhaps issuers themselves must receive certificates to enable them to issue, a function that is somehow operated in a decentralized manner.

Then who certifies the certifiers, and…(yeah, there are problems to solve). Some sort of proof of stake/reputation seems key, but then you move back towards the traditional institutional model in certain ways.

The issuer address is a public key that is held by the issuer as well as used to sign the cert when issuing. All that needs to be done is for them to publicly claim ownership of this public key, eg. post it on their website.