Closely following the launch of the Blockcerts Universal Verifier, Learning Machine contributed a more visual and verbose verification process to foreground the power of verification and to make everything more transparent.
Below is a picture showing the three categories of things being checked: Format Validation, Hash Comparison, and Status Check. Each of these sections can be opened for more detail so that viewers can see exactly what has passed or where the process has failed.
If you would like to see this process yourself, you can simply take the URL of this sample certificate (https://blockcerts.learningmachine.com/certificate/75a731e9942652d6b1d61bcc371b3644) and then paste it into the Universal Verifier at www.blockcerts.org.
So I see “parse issuer keys” in format validation, and then I see “issuer signature check” in status check. I’m mainly looking for a solution to the case where a third party is issuing certificates and claiming to be someone they’re not. Say for example some diploma mill claims to be M.I.T., or Harvard, on their certs. In that case, the fake certificates may be authentic on a digital receipt level, and yet completely dishonest in terms of who they’re identifying themselves as.
One solution I can think of is to compare the issuer’s signature to M.I.T’s signature. I believe the issuer’s signature is bound to the hash of the certificate, and thus cannot be altered or falsified. But I’m not yet sure where M.I.T’s, Harvard’s, or any issuer’s signature (or public address?) can be found, to perform the comparison check. Would a comparison check be needed to safeguard against this fake issuer pain-point, and if so, is there a simple way to perform it?
(I’m not 100% clear on this, and it may be the case that blockcerts already performs a check for such a case. I know it should be a while before we start to see spoof certificates written to the blockchain, but I get the feeling it’ll be easier to combat these types of lies using digitally verifiable certs, than it has been currently with paper-only certification.)
Great question, the true identity of Issuer is critical because all of a credential’s power comes directly from the authority of that issuer. This points to the need for a more proactive public registry (or registries) of public keys, along with some kind of visual indicator that proactively checks against these known keys. Until then, the good news is that the community can fairly easily check against an Issuer’s known signing keys. Those handles never really existed before. So, all the materials are there to build an even more convenient verification check for issuer/reputation going forward. One step at a time!
I have same question on “issuer signature check”.
- Does Blockcerts generate a digital signature using MIT’s private key (PKI?) and store the digital signature in blockchain?
- Add MIT public key(PKI?) in trusted public registry of public kyes
- During verification, using MIT’s public key to verify “issuer signature”
Is this correct understanding? Thank you for your help.