Crypto Weekend Review 7/8
Curated reads, listens, views by Wilson Withiam and Ria Bhutoria.
Weekly Spotlight 🔦
The Fall of Certificate Authorities and The Rise of Handshake by Imran Khan
Imran Khan delivers a high level overview on how encrypted connections between users and website servers are beholden to trusted intermediaries and how decentralized alternatives could be a viable solution. Certificate Authorities (CA) play a significant role in maintaining Domain Name System (DNS) and act as the central gatekeeper to the issuance and storage of Secure Socket Layer (SSL) certificates. The SSL protocol is a layer that works with HTTP to offer an encrypted connection between a user (browser) and server (host computer). And these SSL certificates “bind the ownership of a website to a set of publicly verifiable cryptographic keys” so browsers and users can verify if a website is legitimate and not trying to steal sensitive information.
CA’s are the organizations that validate SSL certificate requests and store information related to certificate issuances in centralized repositories. The top three CA organizations manage 90% of the global market share. This concentration of influence and information may pose counterparty risk to users in form of hacks, phishing attacks or website spoofing. According to Imran, obtaining an SSL certificate can be relatively trivial, leading to incidents where malicious users receive SSLs for fraudulent websites (the March 2011 incident of Comodo, a CA, issuing certificates to fake sites claiming to be Microsoft and Google is one example). Imran also points out related attacks are on the rise: over 267 million phishing URLs were sent in 2017, and Zscalar reported 1.7 billion threats hidden in SSL traffic were blocked in 2018.
On the other hand, decentralized protocols (and Imran singles out Handshake Protocol as an example) that can manage Top-Level Domains at the root level would limit our reliance on CAs to control digital certificates and associated private keys. All private keys in these systems would be directly signed and controlled by the owner. Further, storing SSL related information into a shared distributed ledger creates an immutable record connecting the private keys to the registered domain, making website domain spoofing more difficult. Only in certain instances is decentralization is a net value-add — and a decentralized DNS alternative could very well be one of them.
Reads 📚
- Catching up on bitcoin by Howard Lindzon
- The State of Privacy Coins by Eli Ndinga
- Ethercluster: An Open-Source Alternative to Infura by Yaz Khoury
- Crossing shards by Jordan Clifford
- Decentralized Oracles: a comprehensive overview by Julien Thevenard
- Blockchain blossoms in Haiti in Venture Beat
- The Effects of the G20 Summit on Bitcoin by Kevin Kelly
- Investigation into the Legitimacy of Reported Cryptocurrency Exchange Volume by Alameda Research
- DeFi 101. Part 2 — Margin Trading by Scott Winges
- Considerations for a Crypto Fund Audit by Jordan Palmer
- Libra, 2 weeks in by David Marcus
Tweets
- Mohamed Fouda’s thread (from Token Daily Capital) on the potential ripple effect of the first Cosmos slashing event
- Jason Choi’s thread on fascinating & underexposed economic experiments in crypto
- Ari David Paul’s thread on how technology, and specifically blockchain, may change how collectibles are authenticated
- Tom Shaughnessy’s thread detailing an AMA held by Spencer Noon on the topic of ETH 2.0 Phase 0
- Jeff Dorman’s thread on why “altseason” is a tired trend and how an altcoin bull market similar to 2017 is unlikely to happen
- Michel Rauchs’ thread announcing the launch of the Cambridge Bitcoin Electricity Consumption Index (CBECI), a live model that tracks the estimated annual electricity usage of the Bitcoin network in real time
Listens 🎧
- Chain Reaction: Cadence’s Nelson Chu: The Digital Securitization and Investment Platform for Private Credit
- What Grinds My Gears: Welcome to FaceCoin
- Unchained: How Asia’s Trading Culture Results in a Vastly Different Crypto Scene
- What Bitcoin Did: Brad Stephens & Spencer Bogart on How Venture Capital Thinks About Bitcoin Investing
- Base Layer: Tom Jessop (Fidelity Digital Assets)
- Blockchain Insider: Tethery’licious Bitcoin
- Epicenter: PegaSys — Enterprise-Grade Ethereum Protocol Engineering
- Vexpoint: Tom Shaughnessy’s Institutional-Grade Crypto Insights
Views 🎥
Reports, market insights, and other information (“Information”) provided by Circle Internet Financial Limited (“Circle”) or its affiliates have been prepared solely for informative purposes and should not be the basis for making investment decisions or be construed as a recommendation to engage in investment transactions or be taken to suggest an investment strategy in respect of any financial instruments or the issuers thereof. Information has not been prepared in accordance with the legal requirements designed to promote the independence of investment research and is not subject to any prohibition on dealing ahead of the dissemination of investment research under the Market Abuse Regulation (EU) No 596/2014. Information provided is not related to the provision of advisory services regarding investment, tax, legal, financial, accounting, consulting or any other related services and is not a recommendation to buy, sell, or hold any asset. Information is based on sources considered to be reliable, but not guaranteed, to be accurate or complete. Any opinions or estimates expressed herein reflect a judgment made as of the date of publication, and are subject to change without notice. Trading and investing in digital assets involves significant risks including price volatility and illiquidity and may not be suitable for all investors. Circle and its affiliates trade and hold positions in digital assets and may now or in the future trade or hold a position in an asset that is the subject of Information provided. As a result, Circle or its affiliates may be subject to certain conflicts of interest in connection with the provision of Information. Circle will not be liable whatsoever for any direct or consequential loss arising from the use of this Information.