Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

A brush with fame (not)

Wired thinks it has unmasked Bitcoin inventor Satoshi Nakamoto as an Australian security personality Craig Wright. Plenty of others beg to differ.

Curiously, I had an ugly argument with Wright and a handful of Bitcoin enthusiasts on Twitter in May 2015.

It started after I asked a simple question about why some people had started advocating blockchain for identity. I didn't get a straight answer, but instead copped a fair bit of abuse. Wright's Twitter account has since been deleted, so it's hard to reconstruct the thread (I'd love it if someone out there knows how to extract a more complete Twitter archive; I don't suppose anyone Storified the thread?).

Reproduced below is one side of the spat. I only have my own archived tweets from the time in question but you should get the gist. Wright could never stick to the point - what does blockchain have to offer identity management? Instead he took all inquiries as an attack. He's passionate about Bitcoin changing the world, and if I recall correctly, boasted of his own enormous wealth from Bitcoin mining (he's no crypto-anarchist, as is clear from his exhorbitant LinkedIn profile, one of the longest you'll ever see). Wright's arguments were all deflections; he even dredged up a PKI project from 17 years ago on which we worked together, where evidently he and I had some difference of opinion, something I honestly can't remember.

10/05/2015 3:32 Blockchain-for-identity proponents: Please set out the problem to be solved, analyse it, state your proposal, and argue its benefits.
11/05/2015 22:52 .@caelyxsec: "Bitcoin is just soft certs" @matthewsinclair < Classic!
11/05/2015 22:56 .@matthewsinclair @caelyxsec "Passport", "no central authority", "no walled gardens". Same old utopian slogans. Plus blockmagic.
11/05/2015 22:57 What does a Onelogin actually mean? It's a nickname. Who vouches for it? @matthewsinclair @caelyxsec
11/05/2015 23:09 .@matthewsinclair: @caelyxsec "what does having my Twitter & GitHub usernames signed into the blockchain actually mean?"; Not much.
15/05/2015 8:20 Seems to be a first-come-first-served nickname and self-certified details saved to the #blockchain. @paulmadsen @iglazer @TechPolicy
15/05/2015 8:24 .@Chris_Skinner "Repeat after me: Bitcoin Bad, Blockchain Good"; But good for what? Time stamped archive.
15/05/2015 9:27 .@craigvallis @paulmadsen @iglazer Very little! I don't see identity specialists advocating #blockchain for pressing identity problems
15/05/2015 10:28 RT @craigvallis: @Steve_Lockstep @paulmadsen @iglazer Heard the same from BitCoin specialists, without the coin blockchain is just a database
15/05/2015 10:31 .@craigvallis Clever contribution of #blockchain is to solve the double spend problem. But not a problem in identity @paulmadsen @iglazer
15/05/2015 21:26 .@Chris_Skinner Sure, I get Bitcoin for some payments, but I don't get #blockchain for anything else.
15/05/2015 22:15 .@Chris_Skinner Nope. Blockchain special properties relate to stopping double spend. I don't see the advantages for eg contract exchange
15/05/2015 22:21 1/2 - Thesis: #blockchain is a bit magical, so some guess it must have potential beyond payments - like identity. We need rigor here
15/05/2015 22:23 2/2 - I liken this to the way some are enamored with Quantum Mechanics to explain eg consciousness. Even magic has limits.
15/05/2015 23:16 Turns out BTC is hard to sustain even for payments. But for non-payments, is there any business model at all? https://t.co/69eHD9ssFi
15/05/2015 23:36 .@Dr_Craig_Wright Actually I always proposed community based PKI http://t.co/DagiIx74la (2003) http://t.co/o6aYQWvqMA (2008). Going strong
15/05/2015 23:40 .@Dr_Craig_Wright There's not much to attack. I still can't find a rigorous explanation of blockchain for identity.
16/05/2015 1:01 .@Dr_Craig_Wright So most people are just guessing that blockchain has potential for identity.
16/05/2015 1:09 .@Dr_Craig_Wright But maybe you can point me to one those many sources to explain the potential of blockchain or whatever for identity?
16/05/2015 1:23 .@BitcoinBelle Please explain what blockchain does that a digital signature chained to eg a bank does not? @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:27 @Dr_Craig_Wright @BitcoinBelle @Chris_Skinner Explanations please, not abuse.
16/05/2015 1:29 .@BitcoinBelle I get BTC for the unbanked. I do. But I don't get contracts or patents in that setting. @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:32 @BitcoinBelle Can you follow a thread? Or a line of logic?
16/05/2015 1:34 .@BitcoinBelle So once again, explain please how a timestamp plus tamper resistance is special? @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:42 1/4: @benmcginnes Proof of what? Someone unilaterally asserted something about themselves? @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:43 2/4: "Proof" to what standard? That word implies accreditation somewhere. @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:44 3/4: Who relies on the proof? ie what's the detailed use case? @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 1:47 4/4: Why/how does interfacing to blockchain give better proof than a PK cert? @benmcginnes @BitcoinBelle @Chris_Skinner @Dr_Craig_Wright
16/05/2015 2:40 .@benmcginnes Math proof in identity is the easy bit. Proof of attributes and rel'ships matters more. @Chris_Skinner @Dr_Craig_Wright
16/05/2015 2:43 .@benmcginnes Oh please. That's why I'm asking people to compare 2 types: blockchain and PK certs. @Chris_Skinner @Dr_Craig_Wright
16/05/2015 2:46 .@Dr_Craig_Wright I mean accred in the broadest sense: a disinterested endorsement. Self asserted means 0 @benmcginnes @Chris_Skinner
16/05/2015 3:18 .@Dr_Craig_Wright Something I said in a PKI advisory 17 years seems to still be eating you Craig. What is it? @benmcginnes
16/05/2015 5:12 .@BitcoinBelle But. Why. Bother? What's better about blockchain, compared with putting your hysterics on Twitter? @el33th4xor
16/05/2015 5:16 So I asked for an explanation of #blockchain for identity. And all I get is hippy nonsense - it's not central, not fiat, not govt.
16/05/2015 8:35 @futureidentity It's certainly the case with Bitcoin that it's more about the people than the technology.
16/05/2015 10:26 @jonmatonis @futureidentity Thanks but sorry, what do you mean by user defined privacy?
16/05/2015 10:27 @jonmatonis @futureidentity Please explain deniability of ownership.
16/05/2015 11:06 .@jonmatonis Thanks. How is that realized with blockchain where all transactions are available for all to see? @futureidentity
16/05/2015 12:10 .@benmcginnes I don't need visuals. I need blockchain-for-identity pundits to set out the problem it solves. @jonmatonis @futureidentity
16/05/2015 19:52 Twitter: Where you can be sure to find all the answers to questions you never asked.
16/05/2015 19:57 .@adam3us But why #blockchain? It was designed to stop double spend. Cheaper ways to hold immutable attributes @jonmatonis @futureidentity
16/05/2015 20:04 RT @adam3us: .@Steve_Lockstep @jonmatonis @futureidentity Well indeed identity does not belong on chain. Payment protocol is offchain
16/05/2015 20:09 .@cdelargy Which id mgt action corresponds to spending? Is it each presentation of "I am Steve"? @adam3us @jonmatonis @futureidentity
16/05/2015 20:18 .@jonmatonis Which is to say identity is not the new form of currency? .@futureidentity
16/05/2015 20:21 .@adam3us Auxillary info meaning the attributes and most importantly who vouches for them? @cdelargy @jonmatonis @futureidentity
16/05/2015 22:00 RT @adam3us: .@Steve_Lockstep @cdelargy @jonmatonis @futureidentity Yes Blockchain hasn't bandwidth for finance app msgs with identity
16/05/2015 22:26 .@Beautyon_ Not at all. I've articulated how I see the main id problem to solve: http://t.co/LPXBHieawT I ask others do the same
16/05/2015 22:31 .@Beautyon_ I'm not anti Bitcoin. I'm pro rigor. Almost nobody weighing in articulates the IDAM problem blockchain supposedly fixes
16/05/2015 22:33 .@Beautyon_ I think I agree. Names per se are not as important as the more general "Here's an attribute about me you can rely on"
16/05/2015 22:36 .@Beautyon_ So I say we need IDAM system to imbue attributes with pedigree and present them so RPs r assured of pedigree and user control
16/05/2015 22:38 .@Beautyon_ If blockchain is involved in every attribute presentation, is bandwidth ok? And isn't the 10 minute reconciliation too long?
16/05/2015 22:40 .@Beautyon_ No, I frame identity as "what do I need to know about you to be able to deal with you?" in a context.
16/05/2015 22:47 .@Beautyon_ In the lingo of IDAM, the holder of the asset you want to access is the Relying Party. They rely on your credential or key.
16/05/2015 23:03 @Beautyon_ No I don't use GPG. Maybe I might still understand if someone offers an explanation.
16/05/2015 23:08 .@Beautyon_ Why the elitism? Why can't blockchain enthusiasts explain themselves to the unwashed? You're like Freemasons
16/05/2015 23:17 .@Beautyon_ 20 years in PKI. I think I got the basics. And an allergy to people who can't explain their craft in natural language.
17/05/2015 3:42 .@WulfKhan IDAM is complicated. Many facets. Many problems. Which are addressed by blockchain? I am not on about BTC. @Beautyon_
17/05/2015 4:22 .@Beautyon_ I advise organisations on non trivial authentication and privacy problems. DIY secrecy is not important in my world.
17/05/2015 4:35 User pseudonymity is a crude fragile measure. Privacy != secrecy. It's about what others do with info about you. https://t.co/VpiKWHTLBH

For what it's worth, in my wildest dreams I can't imagine the confusing, self-important Craig Wright being Nakamoto.

Posted in Blockchain, Security

Post a comment

If you are a registered user, Please click here to Sign In

Your Name*

Your Email Address* required, but won't be displayed on this site

To help prevent spam in our blog comments, please type in "A" (without the quotation marks) below*