The sharing of public key information is central to the digital credential security model, but the existing Web PKI with its opaque Certification Authorities and synthetic attestations serves a very different purpose. We propose a new approach to decentralised public key infrastructure, designed for digital identity, in which connections between legal entities that are represented digitally correspond to genuine, pre-existing relationships between recognisable institutions. In this scenario, users can judge for themselves the level of trust they are willing to place in a given chain of attestations. Our proposal includes a novel mechanism for establishing a root of trust in a decentralised setting via independently-verifiable timestamping. We also present a reference implementation built on open networks, protocols and standards. The system has minimal setup costs and is freely available for any community to adopt as a digital public good.