
Doesn't GPG do a pretty decent job of that? I guess it's not transferable but... why do you need that?


I'm getting voted down for talking about the value-add here, but I'll give it another shot. I hope I get some replies this time if people find anything unclear.

Transferability is useful for key rotation. If you can't transfer your ownership to a new key, then if the old key becomes compromised, you can't prove ownership anymore because anyone else can sign using your key. To fix this you have to rely on the original signer to provide you with a revocation and an updated signature, which they may not be willing or able to do (and what if they themselves have rotated their key?)

Basically, to get key rotation to work properly you have to get revocation to work, which means ultimately you have to recreate a trustworthy timestamping service for digitally signed events, which is what a blockchain definitionally does.

Either that, or everyone has to agree on a third party to keep track of revocations, much like with OCSP or the MIT key server. Then, trust that third party not to tamper with the timestamps, and trust them to continue providing their timestamping service far into the future.
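
The ordering dependence described in the comment above, as an added example that is not part of the original thread. It assumes Ed25519 keys from Node's built-in `crypto` module, constructed keys with hypothetical names, and a plain array standing in for the trusted timestamping service.

```javascript
const crypto = require('crypto');

// Constructed keys: the owner's original key (later stolen), its
// replacement, and an attacker's key. All names here are hypothetical.
const oldKey = crypto.generateKeyPairSync('ed25519');
const newKey = crypto.generateKeyPairSync('ed25519');
const thiefKey = crypto.generateKeyPairSync('ed25519');
const pem = (k) => k.publicKey.export({ type: 'spki', format: 'pem' });

// A transfer event: the current owner's key signs the next owner's key.
// Rotation is simply a transfer to a new key held by the same person.
function makeEvent(signer, toPem) {
  const sig = crypto.sign(null, Buffer.from(toPem), signer.privateKey);
  return { from: pem(signer), to: toPem, sig };
}

// Signature check in isolation, with no notion of when it was made.
function signatureValid(ev) {
  return crypto.verify(null, Buffer.from(ev.to), ev.from, ev.sig);
}

// Replay an ordered log (the array order stands in for the trusted
// timestamping service). An event takes effect only if it is signed by
// the key that owns the asset at that position in the log.
function currentOwner(genesisPem, log) {
  let owner = genesisPem;
  for (const ev of log) {
    if (ev.from === owner && signatureValid(ev)) owner = ev.to;
  }
  return owner;
}

const rotation = makeEvent(oldKey, pem(newKey)); // legitimate rotation
const theft = makeEvent(oldKey, pem(thiefKey));  // made with the stolen old key

// Names the party that ends up owning the asset for a given ordering.
function outcome(log) {
  const owner = currentOwner(pem(oldKey), log);
  if (owner === pem(newKey)) return 'rotated key';
  return owner === pem(thiefKey) ? 'thief' : 'old key';
}

console.log('both signatures verify:', signatureValid(rotation) && signatureValid(theft));
console.log('rotation logged first ->', outcome([rotation, theft]));
console.log('theft logged first    ->', outcome([theft, rotation]));
```

Both events carry valid signatures from the old key, so only the agreed order of the log decides which one took effect.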


But irrevocability is a problem for this use case, right? Someone is bound to get hacked, lose keys or whatever, and then there's no way to actually prove, inside the blockchain, that it wasn't a legitimate transfer.

Anyways, I think the bigger problem is that neither GPG nor blockchain actually solve the "ownership" problem of digital assets. These can be copied without any problem, so proving which ones are original and which ones aren't is impossible without some kind of DRM or verification service, and that's not something that can be done with the blockchain.


> But irrevocability is a problem for this use case, right? Someone is bound to get hacked, lose keys or whatever, and then there's no way to actually prove, inside the blockchain, that it wasn't a legitimate transfer.

Irrevocability is an issue with physical assets too, but it's a compromise we deal with. If someone pickpockets you on the street, in general there's no getting your money back. You don't necessarily have to hold digital assets in a software wallet under one private key, which is the digital equivalent of walking around with something expensive in your pocket - you can choose to store the item in the digital equivalent of a safe or bank vault.

The nice thing about a digital system is that the user can easily choose where along the spectrum they want their ownership to reside. They can choose to manage the key themself, or have an institution do it for them, or anywhere in between (which involves multi-signature schemes of themself along with other persons and/or institutions of their choosing.)

Furthermore, the digital asset can itself optionally be coded to respond to certain third parties for dispute resolution. Current tech allows for an issuer to create a digital item that contains code such that it allows its ownership to be changed through a dispute process. The dispute resolution authority that's coded in could be as simple as a trusted third party or as complex as a legal system unto itself.

There isn't a single one-size-fits-all approach. Every asset issuer gets to choose their own approach, and they get to maintain interface compatibility with all other assets. For example, USDC is controlled by a company that has full blacklisting capability, but it has the same software interface (ERC-20) as WETH, which is an asset where no third party can exert any control over its functionality.

> Anyways, I think the bigger problem is that neither GPG nor blockchain actually solve the "ownership" problem of digital assets. These can be copied without any problem, so proving which ones are original and which ones aren't is impossible without some kind of DRM or verification service, and that's not something that can be done with the blockchain.

I generally agree, but I believe it's an identity issue, not an ownership issue. If there were some way to prove that a certain private key were in the sole possession of a certain person, then proving whether an asset were original or counterfeit would be as simple as checking to see whether the item was signed by the issuing person's key.



