security cannot exist alongside obscurity

Rich authentication and authorization - in effect, 'Zero Trust' - demands deep inspection into actor, asset and evaluation of the immediate risk tolerance for the business, enterprise or individual user.   

Trust should not be a privilege to a few select, but rather an

available interface for decisioning by each contributing party.

Without fail, the largest blocker for the adoption of  crucially enabling technology or fundamentally required capability is that of the integration bar-to-entry and whether the inclusion of new protocols or stack elements is significantly challenging for teams or individual end users.

A tight coupling into existing trust anchors (such as an operating system's internet libraries that parse DNS or X.509 information for classical trust pointers) should be simple yet effective.  Korchain plans for native library creation, a robust protocol specification and modern SOA integration patterns to deliver a hardened client operating model and a resilient, cloud-enabled and quantum resistant subscription point for this information.

Humans and machines alike create assumptions around the entities and intentions involved in each of our digital interactions - trust.  But in effect, we are all blind to the increasing contextual signals that are only available through an extension to an additional, higher trust layer.  For every interaction, there is  wealth of signals both from the provider and the consumer, such that when rationalized, contextualized and sanitized, can create a store for future decisions.

Movement to a higher layer of risk metadata can be effective when provided to, and consumed from, at scale - creating a more openly trustable interface for trust, itself.

It's not that the entire internet has been "doing it wrong" because they chose otherwise, but rather that the standards embodied and the technology supported were and are representative of the creating and sponsoring entities' decisions, alongside the trust we have in those operating stewards of the internet core functions layer itself.  

As a very potent example, this webpage interaction between you, and our hosting provider, GoDaddy, has a typical trust relationship between you - the human, your browser (and operating system), the internet name system, the internet PKI system, and the web server itself.  To wit, after a few minimal steps (i.e., a DNS query to a trusted name resolver to return an applicable IPv4 address for the www.godaddy.com domain itself) along with your browser or operating systems' various checks upon and for the TLS certificates presented by the servers (and intermediaries) the connection is completed and you (via your systems, and data) now trust GoDaddy.  The reverse, of course, is also true.

If it's a simple web page, such as this, the risk context is shallow.  Yet, when it is in fact a bank portal, and the use case is to transfer money, or a water treatment plant, and the use case is to turn on or off water supplies for a large city, the risk context is deep, and requires significant enhancements, enrichments and relationships to be present in order to effect smarter authentication and authorization decisions.

Our move as a society to a decentralized  network requires a move to decentralized trust - plain and simple.  Humans can only trust themselves to use their best judgement, but the interface between trust and systems can be made better and provide enrichments such as whom to trust, and when, based upon their participation in a method similar to dynamic DNS, yet with the core operation being an attested placement into a public ledger of verifiable resources expended to prove identity or intent, or to publish contextual signals of other related interactions.