Comment by goblin89
15 hours ago
In context of eIDAS, your phone starts to be used for much more sensitive matters than typing comments or even logging in to your bank. The repercussions from having a secretly patched bootloader can involve another person assuming your identity, including for large B2B transactions.
Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.
However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.
Currently, that seems to only be provided by closed ecosystem phones.
Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.
> Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me.
Actually, that is not what’s happening. Based on further research, the use of eIDAS is required to be left up to citizen’s decision.