Call the body that issued it and ask

You're saying I could gain a lot of money by issuing fake certificates of authenticity and then answer, "Yes, it is authentic," to anyone who calls and asks?

Keep thinking like that and you'll be a ratings agency for Mortgage-Backed Securities.

Hey man, those banks, brokers, and agencies are still in business lol still trust them?

No they're not, Lehman Brothers is gone and Fannie Mae got nationalized. AIG did survive though.

> You're saying I could gain a lot of money by issuing fake certificates of authenticity and then answer, "Yes, it is authentic," to anyone who calls and asks?

No, you make the money by offering to sell real certificates of authenticity to authenticate the fake certificates of authenticity to people who those who calls and asks.

The first step is removing the "fake" part. You can issue authentic certificates of authenticity. If your certificates are based on some expert verification that you do, people will actually pay you, can you imagine that! ;)

And yes they would want you to say "yes/no, it is/isn't authentic" to anyone who calls and asks.

But if you screw up your records and say "yes" to fake certificates of authenticity that imitate yours then people will stop paying you very quickly. (Also you may end up in jail)

Yes

On August 9, 2010, Symantec completed its approximately $1.28 billion acquisition of Verisign's authentication business, including the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the Verisign Trust Services, the Verisign Identity Protection (VIP) Authentication Service, and the majority stake in Verisign Japan.

https://en.wikipedia.org/wiki/Verisign

That's based on verifiable cryptography.

The crypto is the middle part. "certificates of authenticity" have to cover the top and bottom ends. The sibling comment referred to the top. At the bottom, Verisign had a DUNS and payment dance that had more appearance than substance in determining authenticity.

Yeah, but someone has to first trust the signer.

I can start a CA tomorrow, doesn't mean anyone will put my root on their OS distro.

The assumption was that a trusted third party exists. Since you trust it, by definition, you can contact it to confirm authenticity of the certificate.

If you somehow built up trust/reputation then yes.

> issued by some trusted party

What authenticates the trusted party?

Shared hallucination.

(To those that might dismiss this as snark, look up the definition of currency. And if you find that adventure interesting follow up by reading the excellent book “Sapiens: A Brief History of Humankind” by Yuval Noah Harari for an easy read that thoroughly explains the concept in an afternoon of reading. In that book it is called “shared delusions” instead.)

Currency by itself, yes. Gold is probably best example.

Most fiat currencies impose a degree of solidity by being required for payment for certain services (read: taxes)

> In that book it is called “shared delusions” instead.

Or, by less casual name, "intersubjectivity". And yes, it's a very important idea that directly applies here.

Perhaps even a must for any human society to exist at all...

Legal system.

I mean first set-up a website and second ghost write some articles in forbes & etc to gain credibility.

But yeah; until somebody gets a different trusted party to look at the item.

Fraud generally pays pretty well until you get caught.

If the penalty doesn't involve jail time, and the fine is less than the proceeds, it pays pretty well well after being caught

now you're just describing the business model of most fintech companies