What Remains Open

The most consequential open question about the identity layer concerns key management. Self-sovereign identity depends on participants controlling their own cryptographic keys. But participants lose devices, forget passwords, and — in some cases — face coercive actors who attempt to extract keys through legal or extralegal pressure. The mechanisms for key recovery that do not reintroduce the dependence on trusted intermediaries that self-sovereign identity was designed to eliminate are technically unsatisfying in their current forms. This is a genuine unsolved problem, and the identity architecture must be honest about it.