>We have public-key infrastructure for machines. We don’t have it for people.

We do, you just don't know about:)

SDK: https://github.com/CipherTrustee/certisfy-js

Web trust use: https://bsky.app/profile/bitlooter.bsky.social

Some examples of how you could leverage it: https://blog.certisfy.com/

Happy to answer questions.

Great concise description of the problem.

As for the solution, it seems to explicitly not address recovery of lost keys/identities, which is however exactly the part that makes this hard for regular users.

That, and general name confusion attacks, I suppose: "I'm lxgr17@key, yeah, don't ask about the first 16. Oh also make sure 'key' is not the one with the Gregorian lowercase e in the middle, that one's an impostor. Wait, actually, let me quickly spell it out in hexadecimal Unicode points..."

At least blockchain addresses have that going for them: They're way too long to even try and remember or spell out on the phone.