Tristan: You make some good points here. Thank you.
As a contributor to the Sovrin tech stack, I wanted to chime in with some minor clarifications. Of course, filter what I say through my rose-colored glasses. :-)
First, Sovrin’s default behavior will be to provide mutual auth. SSL totally supports this, of course, but in practice it is almost never used this way — and the workflow you’ve spelled out for websites and certs is one-way auth only. If you try to do two-way auth with SSL, the problems with CAs become much more difficult to overcome. So this difference in emphasis does have practical consequences.
Second, Sovrin does not use revocation lists. Its revocation design uses cryptographic accumulators, which are far more lightweight. Basically, an accumulator is a single number that encapsulates the state of all issued claims; publishing this number is cheap and fast, and can be done often enough that the latency in a revocation can be negligible, if that’s important. Thus, I don’t foresee significant pressure for the realtime revocation check endpoint that you posit; Sovrin’s revocation will be realtime enough. (Traditional revocation lists are far more unwieldy, and are one of the reasons why certs are a huge headache; you are totally right to lament the latency of them.)
Third, Sovrin has privacy characteristics that certs do not. You mention this, but just in passing. I think it’s a big deal. SSL cannot satisfy GDPR, but Sovrin can…
Fourth, I think you’re too quick to equate a reliance on issuers with a lack of self-sovereignty. Nobody is prevented from issuing self-attested claims in Sovrin — and indeed, certain types of claims *must* be self-attested, such as a claim that you have given consent. Other claims are, to some extent, hostage to the willingness of others to attest — but that is not a characteristic of any digital system or protocol; it’s a fact of life. If I haven’t gone to medical school and thus cannot get any issuer to certify my medical credentials, this does not mean I’m not a self-sovereign actor; it just means my actions are constrained by reality. If Harvard issues me a diploma and then learns that I cheated, so they revoke the diploma, that doesn’t make me less of a sovereign over my identity; it just means they won’t put their name behind an assertion they no longer want to endorse.
Many (perhaps most) facts about my identity may be attested by multiple Sovrin issuers. For example, my driver’s license, my credit card account, and my birth certificate may all certify my name and date of birth; if the credit card issuer decides to revoke my card (on Sovrin), that doesn’t prevent me from proving my name or date of birth in another way.
Claims are self-sovereign because nobody — especially not issuers! — can use the claims without the identity owner’s permission. Further, it is even possible (though this feature is not yet implemented) to have an identity owner revoke a claim without the issuer’s permission or knowledge. Imagine being able to suspend your own credit card without calling VISA… and then unsuspend it when you find the card between the seats in your car, again without calling VISA.
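The accumulator-based revocation described in the reply, as an added example that is not part of the original comment or of Sovrin's own code: a toy RSA accumulator in Python in which the issuer publishes one number, each holder proves non-revocation with a witness, and a holder refreshes that witness after someone else's revocation from the public number alone. The modulus, base and claim primes are constructed demo values; Sovrin's actual accumulator scheme is not reproduced here.

```python
# Demo-size RSA modulus, constructed for illustration: real deployments use a ~2048-bit N
# and map each claim to its prime by hashing it (hash-to-prime); here the primes are fixed.
N = 1000003 * 1000033
G = 65537  # public base, coprime with N
CLAIMS = {"alice/license": 100003, "bob/license": 100019, "carol/license": 100043}

def accumulate(primes):
    """Issuer side: one number, G^(product of all live claim primes) mod N."""
    acc = G
    for x in primes:
        acc = pow(acc, x, N)
    return acc

def witness(primes, x):
    """Holder's witness: the accumulator over every live claim except their own."""
    return accumulate([y for y in primes if y != x])

def verify(acc, x, w):
    """Verifier: w^x == acc proves claim x is still accumulated; no revocation list lookup."""
    return pow(w, x, N) == acc

def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def update_witness(w, x, x_revoked, new_acc):
    """A holder refreshes their witness after someone else's revocation using only the
    new public accumulator: with a*x + b*x_revoked == 1, w' = w^b * new_acc^a (mod N).
    Needs Python 3.8+, where pow with a negative exponent takes the modular inverse."""
    _, a, b = egcd(x, x_revoked)
    return pow(w, b, N) * pow(new_acc, a, N) % N

def demo():
    """Issue three claims, revoke Bob's, and show Alice stays provable without the issuer."""
    primes = list(CLAIMS.values())
    xa, xb = CLAIMS["alice/license"], CLAIMS["bob/license"]
    acc = accumulate(primes)
    wa, wb = witness(primes, xa), witness(primes, xb)
    ok_before = verify(acc, xa, wa) and verify(acc, xb, wb)
    live = [x for x in primes if x != xb]       # issuer revokes Bob's claim...
    new_acc = accumulate(live)                  # ...and publishes one new number
    bob_rejected = not verify(new_acc, xb, wb)  # Bob's old witness fails
    alice_stale = not verify(new_acc, xa, wa)   # Alice's old witness fails too...
    wa2 = update_witness(wa, xa, xb, new_acc)   # ...until she refreshes it herself
    alice_refreshed = verify(new_acc, xa, wa2) and wa2 == witness(live, xa)
    return ok_before, bob_rejected, alice_stale, alice_refreshed
```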