Comment by hacker_homie
20 hours ago
I thought a solution to this would be to use a physical smartcard to store the certificate (perhaps on your government ID). If the protocol is a challenge/response and the private key never leaves the card, it would make proxying without the physical card more difficult.
Yeah great idea, having to get out your government ID every time you want to use a website.
A certificate could be anonymous and the website would only need to verify it against the born_before_2008_root_cert in 2026. You could issue as many certs as you want and all would have a validity of 1 year so that websites only have to install at the maximum 2 root certs.
I know but what I mean is it's a lot of hassle just to visit something. And many devices I have like my VR headset don't have an NFC reader to validate some govt ID.
The “2008” part hit me hard
If the smart cards required some human input to perform a signature, maybe this could work. Otherwise there is nothing stopping someone from selling use of their card via some proxy software.
Is this type of problem even solvable?
I mean Netflix haven't managed to solve password sharing so,