Is there anything about identity on the internet that’s not broken?
We know that usernames and passwords are broken, password resets are, SSL certificates, hacks like certificate pinning etc. and many other things. Apparently even domain name ownership proof is just as broken: there seems to be no method to authoritatively determine whether somebody who claims to own a domain actually does. If somebody came to…