Comment by Barrin92
13 days ago
this is already how the EU infrastructure for digital ID works, basically. Using public/private keys on your national id, the government functions as a root authority that you (and other trusted verifiers downstream) can identify you with and commercial platforms only get a yes/no when you want to identify yourself but have no access to any data.
South Korea also has had various versions of this even going back to ~2004 I think.
Yes, it has been possible for a long time to provide anonymous attestations. But somehow, they also always seem to require that you have something like Google play services running for you to ask for the attestation in the first place. And with PKI, even though they could do with just the public key, they somehow also always insist on generating the keys for you (so they have the private key as well).
Do all EU countries have that? I know our (German) ID works that way, using the FOSS AusweisApp, but I hadn’t heard of it being EU-wide (it should be, though).
Spanish ID cards have had an X. 509 cert inside them for more than 10 years, I use it all the time to sign documents and access government sites. There is already legislation and a push for an EU-wide digital identity wallet that should be up and running this year, look up eidas 2.0 and the EUDI wallet.
That looks like it should make things like privacy compatible age verification "trivial".
Thanks, that looks very cool, and apparently close to coming into effect.
It's been a slow rollout but yes, it's an EU wide thing. Slovenian IDs issued after around 2022 have them too.
It's nice that the platforms don't get access to data, but does the government gets information about who is trying to access what?