List some example endorsements

[taoeffect]

• LinkedIn style "s/he's got skill x,y,z"
• Mozilla Badges (similar concept), "You've completed course x,y,z and supposedly have those skills!"
• "This person is part of organization/church/cult x,y,z" (note that this can be privately stated to group members only, or publicly stated to everyone)

cc @john-light

[john-light]

(note that this can be privately stated to group members only...)

How do you enforce this? By encrypting the attribute using the public keys of other group members?

[dsernst]

• Voter Registration agent: "I checked, this person passed the test for a vote-eligible US citizen"

[taoeffect]

How do you enforce this? By encrypting the attribute using the public keys of other group members?

Not sure how I missed your question. Sorry for the year+ late reply.

There are various ways:

Way number 1

The attestation/endorsement could be some random data that's encrypted using the cult leader's private key (or some set of private keys), which is then verifiable by anyone who has the public key.

Unless other people get wind of this public key and decisively associate it with the group, this is secure.

Pros: Definitively proves someone is a member. Cons: Definitively proves someone is a member.

Way number 2

The group could have some secret formula known only to them, e.g. attestation(name) = sha256(name) * 77, and then software could check to see if such an attestation exists for a profile.

Pros: Fairly good security, also has plausible deniability of membership Cons: Can't be certain someone's a member

[dsernst]

Couldn't the group host an encrypted list of its members' public keys? Only existing members would be able to decrypt the list to check other members.