Certificates fit into Zooko's triangle just fine. They're decentralized and secure, but those keys don't mean anything to humans. Is the lack of a human-meaningful global identifier (like an email address) a problem? I believe we're pretty much fine with choosing a name (usually, a pseudonym) when registering with a service. Actually, I believe we even enjoy the ability to name ourselves as we see fit, and there's no real need for human-meaningful global identity identifiers. Or am I wrong on this matter?
> impose upon the user to manage storing and syncing key material between devices
I don't see any serious problems with storing keys. Could you explain this a bit more? Did you mean that keystores are less secure than a browser logged into a Persona/email account? If so, TPMs/HSMs are also getting more and more widespread (although rarely supported and used in practice, which is regrettable) and can further improve the situation with secure key storage.
Password sync can be made both usable and reasonably secure (proven by both Mozilla and Chrome), so why can't key sync be? One can sync a single key over multiple devices using some kind of key escrow, or trade a bit of convenience for security with the need for a one-time initial device setup (signing the device key with a master key).
I'm no security expert, but I think the most problematic part with certificate-based credentials is not syncing or storage but revocation of compromised credentials. But it's the same with passwords, certificates, emails and every other credential system out there.
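The "sign the device key with a master key" setup and the revocation concern raised in the comment above, shown as an added Go example (not code from the original thread or from any of the products it mentions). It assumes a constructed certificate format: the master key signs each device's Ed25519 public key once at enrolment, the service trusts only the master public key, and a master-signed revocation list lets one compromised device be cut off without re-enrolling the others. The `DeviceCert`, `RevocationList`, `EnrollDevice`, `SignRevocationList`, `SignChallenge` and `VerifyAssertion` names, the domain-separation tags and the unix-second expiry are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// DeviceCert binds a per-device public key to a device identifier under the
// master key. Constructed for this example; not any real protocol's format.
type DeviceCert struct {
	DeviceID  string
	DevicePub ed25519.PublicKey
	NotAfter  uint64 // constructed: expiry as unix seconds
	MasterSig []byte
}

// RevocationList is a master-signed set of device identifiers that are no
// longer trusted, so losing one device does not require re-enrolling the rest.
type RevocationList struct {
	Revoked   []string
	MasterSig []byte
}

// certTBS is the byte string the master key signs for a device certificate.
// The leading tag gives domain separation so a certificate can never be
// mistaken for a revocation list or a challenge response.
func certTBS(id string, pub ed25519.PublicKey, notAfter uint64) []byte {
	var b bytes.Buffer
	b.WriteString("device-cert-v1\x00")
	b.WriteString(id)
	b.WriteByte(0)
	b.Write(pub)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], notAfter)
	b.Write(ts[:])
	return b.Bytes()
}

func rlTBS(ids []string) []byte {
	var b bytes.Buffer
	b.WriteString("revocation-list-v1\x00")
	for _, id := range ids {
		b.WriteString(id)
		b.WriteByte(0)
	}
	return b.Bytes()
}

// EnrollDevice is the one-time device setup step: the master key signs the
// new device's public key. The master private key is needed only here.
func EnrollDevice(master ed25519.PrivateKey, id string, pub ed25519.PublicKey, notAfter uint64) DeviceCert {
	return DeviceCert{id, pub, notAfter, ed25519.Sign(master, certTBS(id, pub, notAfter))}
}

func SignRevocationList(master ed25519.PrivateKey, ids []string) RevocationList {
	return RevocationList{ids, ed25519.Sign(master, rlTBS(ids))}
}

// SignChallenge is what a device does at login: it signs the service's fresh
// challenge with its own device key, never with the master key.
func SignChallenge(device ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(device, append([]byte("challenge-v1\x00"), challenge...))
}

// VerifyAssertion is the service side. It holds only the master public key and
// checks, in order: the revocation list is authentic, the certificate is
// authentic and unexpired, the device is not revoked, and the challenge was
// signed by the certified device key.
func VerifyAssertion(masterPub ed25519.PublicKey, cert DeviceCert, rl RevocationList, now uint64, challenge, sig []byte) error {
	if !ed25519.Verify(masterPub, rlTBS(rl.Revoked), rl.MasterSig) {
		return errors.New("revocation list not signed by master key")
	}
	if !ed25519.Verify(masterPub, certTBS(cert.DeviceID, cert.DevicePub, cert.NotAfter), cert.MasterSig) {
		return errors.New("device certificate not signed by master key")
	}
	if now > cert.NotAfter {
		return errors.New("device certificate expired")
	}
	for _, id := range rl.Revoked {
		if id == cert.DeviceID {
			return errors.New("device key revoked")
		}
	}
	if !ed25519.Verify(cert.DevicePub, append([]byte("challenge-v1\x00"), challenge...), sig) {
		return errors.New("challenge signature invalid")
	}
	return nil
}

func main() {
	masterPub, masterPriv, _ := ed25519.GenerateKey(rand.Reader)
	laptopPub, laptopPriv, _ := ed25519.GenerateKey(rand.Reader)
	laptop := EnrollDevice(masterPriv, "laptop", laptopPub, 1000) // constructed clock
	rl := SignRevocationList(masterPriv, nil)
	challenge := []byte("constructed-nonce-1")
	sig := SignChallenge(laptopPriv, challenge)
	fmt.Println("laptop login:", VerifyAssertion(masterPub, laptop, rl, 500, challenge, sig))
	rl = SignRevocationList(masterPriv, []string{"laptop"}) // laptop lost: revoke only its key
	fmt.Println("laptop after revocation:", VerifyAssertion(masterPub, laptop, rl, 500, challenge, sig))
}
```

The design choice worth noting is that the service never sees the master private key and the device keys never leave their devices: the only thing that has to be "synced" is a short signed certificate per device, and the only thing that has to be kept current is a master-signed revocation list, which is what makes the revocation case the comment worries about tractable.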