> <i>What is a “self-certifying protocol?” This is a general term I’m using to describe protocols that have cryptographic user identifiers and content-addressed data. “Cryptographic user identifiers” associate users with public keys.</i><p>That confuses a few cryptographic concepts: identity, trust, and key pairs. Web3 is not a security solution otherwise it would be long since widely adopted in the browser. Web3 is a potential/proposed distribution solution.<p>A hash is the most practical form of cryptographic identification. I prefer SHA3-512, but SHA-512 is more common and remains acceptable. The goal is to insure uniqueness which requires collision avoidance by hashing through a uniform process.<p>Trust is the fidelity that ensures an entity is who they claim to be, as in not spoofed. On the web certificates solve this problem. Usually trust comes from a central issuing entity like an employer or certificate authority. The key thing is that the authorizing party is centralized such that all end points agree upon it and can independently resolve to it.<p>Public key cryptography ensures an end point can encrypt a message using the remote end point’s public key so that only the remote end point can decrypt the message using their private key of the key pair. PKI encryption is far weaker than symmetric key encryption but it allows for distribution. Key pairs do not imply trust or integrity.