
The comment made my whole day. I love it when 'old-guard' engineers who literally built the playground we're on come out to yell at everyone to get off the damn grass.

It's a weird combination of inspiring and humbling at the same time. Inspiring to think that this massive ecosystem of interconnected computers was actually made by real people, and humbling because yeah, I should get off the damn grass.



PHB was there when Satoshi dropped the white paper. He didn’t get it at the time. He still doesn’t get it, commenting on the same forum recently. PHB, dude, time to admit you were wrong. Not only does this technology work wildly better than you have claimed, it has more value today than it did 13 years ago, both as a savings device and as a trustless medium of exchange.


I won't claim to have the degree of technical expertise to authoritatively comment on the actual implications of his comment.

What I often find most valuable from these kinds of comments is the fact that these risks were acknowledged and either accounted for in the original specs, even if in a flawed manner, or explicitly discounted as being out of scope.

What I take away from the comment on the article is that from a security perspective "we're not there yet" even if the cryptocurrency technology is useful, widely adopted, and frankly not going away.

I don't think his issue is that cryptocurrency exists, or is being used widely on the world-wide web, but rather that underlying technologies (DNS/HTTPS/PKI) are being taken for granted and used in a manner that they weren't originally designed for.


EV is expensive bits issued by a trusted third party.

Cryptocurrency, Bitcoin, is expensive bits issued by a non-trusted third party.

I don’t see how you can be bullish on the first without being bullish on the second, yet I can see how being bullish on the second can mean bearish on the first. Solutions involving no TTP are better than solutions involving TTP.

I like PHB and he has done great things in the field of cryptography. His belief in centralization of public key systems for security runs counter to the cypherpunks who want to decentralize everything despite the costs.


Ah, while thinking of an adequate response to this comment, I think I may have discerned the nature of his complaint in context of what is happening at large. To both clarify my own thoughts and hopefully share what may be a useful revelation I've taken the time to write out a somewhat long-form response below.

---

*TTP Transactions*

When transactions are brokered through a TTP, such as via swiping a credit card at Walmart, the transaction is then brokered by Visa, Mastercard, et al., who retain the ability to reconcile various types of disputes & fraudulent transactions after the fact with minimal loss of money. At any point the central authority can technically reverse charges without the consent of either originating party.

My non-expert, "educated layman's" understanding is secure online digital communication was designed with the express intent of being used in this kind of scenario. You have a number of transactions of which some non-zero quantity are fraudulent, relying on the affected parties to initiate some kind of arbitrage via the trusted third party. Prior to crypto, very few (if any) transactions performed online were irreversible economic transactions requiring *full trust* in the security of the communication channel to mitigate fraudulent transactions. Which brings me to what I believe to be his primary point of contention, putting gripes about specific decisions and technologies aside...

---

*Non-TTP Transactions*

Crypto currencies that require zero-trust in a third-party have no(?) mechanism with which to mitigate fraud.

That means your entire chain of communication, from physical layer all the way up to end-user, must be hardened against forms of irrecoverable tampering, that would otherwise be a recoverable nuisance in a TTP model.

As one of the engineers who designed & put into place a large part of the security around the communication channel being used, PHB appears to be taking offense to the assertion that this exploit was due to a flaw in "the web's" security.

Simply put, it was never designed to be the first and final layer of defense against fraudulent activity, and if we want crypto currency to be 'the future' we should walk in the path of our predecessors and design a communication stack that explicitly addresses the concerns of being used for non-TTP transactions.


Such a good write up!! 100%.

We need to harden the stack at all layers, as many components were not explicitly defined to protect under the zero trust model, especially with the exploitable financial incentives that could not have existed before. Thank you, I feel your insight has helped strengthen my understanding too.



