Comment by miki123211

What does require a trusted computing platform, however, is ensuring that the same program isn't being executed millions of times per second to send millions of different ZKPs to different parties.

ID verification is not enough, you also need some way to prevent one malicious user from re-selling the same ID to millions of others. Without ZKPs, you know what document the user is trying to sign up with, so you can rate-limit that document. With ZKPs, however, you need those rate limits to exist somewhere else.