> For example with certificates on a national card, like spain or estonia.
There is so much wrong with a national identity card. For example, who will pay for it? I don't want to pay for it. I don't want my taxes to pay for it. Even if you find some way to pay for it, I don't want it. What's next? Will you require me to carry an identity card on me at all times? "Random" cavity search for people walking down the road?
> Even if you find some way to pay for it, I don't want it.
Sounds like you are not open to discussing this.
Also, what does a national ID card have to do with "cavity searches"?
Edit: I understand the American insistence on reducing the reach of the federal government. What I don't understand is how many of those same people are fine with allowing Congress to screw us all over on important issues like healthcare and taxation...
> Sounds like you are not open to discussing this.
Should I be open to discussing everything? Why? Personally, as long as this Congress is in session I think we should block every single new legislative idea because I can't trust it to do anything right.
> What I don't understand is how many of those same people are fine with allowing Congress to screw us all over on important issues like healthcare and taxation...
I don't either. Which is why I think they will manage to mismanage this. Remember, getting health care dot gov up and running took heroic efforts of a lot of people. Just something simple as getting a dot gov website (department of education to be exact) took years. The Path station at World Trade Center was 100% over budget at FOUR BILLION DOLLARS. Nobody cares. It isn't my problem, right? We talk about net neutrality and how we gave over $400B to telecoms to deploy fiber across the nation (which to their credit, they did but what about the last mile?). And about health care, I am sorry but Obamacare doesn't even go far enough to call it an achievement. Apparently, even Germany spends less (as a portion of its GDP) on healthcare than we do. This is insane. The main point of the matter is costs have to come down. People get mad when I say while minimum wages should go up, wages and salaries in general should come down. Credits and deductions should go away when it comes to taxes. Yet, the people who want a "simplified" tax code get up in arms when they can't deduct their house or their car from their income... Why can't I deduct my rent? Why can't I deduct my cost of commute? Why should I? There is no rhyme or reason when it comes to taxes. It seems like it is just about who can push their way through...
You seem to be talking emotionally instead of rationally. But I suppose you already have a passport or a driver's licence (what if you don't drive?). Then you just add a chip to it. This chip generates its own keys and then you can authenticate yourself with it.
What relationship does providing citizens a way to identify themselves and sign documents have to cavity searches ... can you show how providing a nationwide digital certificate scheme leads directly to random cavity searches??
It's like if someone says "I fancy Chinese takeaway" and you don't want any you say "enjoy your cavity search" as if that's a natural outcome.
Explain.
Moreover, how is identifying yourself to the police bad? Sure if you live in a fascist dictatorship, but in a Western democracy?
If you're in the US, you already have a national ID. The SSN. Because everyone uses it like that. This would just be a much more secure way of having a unique number for your person.
And if keeping citizens secure is not the job of the government and thus paid for with taxes, then what is?
I am from a country with national ID cards and yes, people are required to carry it on themselves at all times if they are outside.
It's mostly used to check your identity if the police stop you while driving, which is a little annoying because surely they could just check that electronically, but it's probably a legacy system. You also use it to verify your age when buying alcohol because a driving license is not a valid form of ID.
It's not really a problem, I have mine in my wallet and never take it out, it's been sitting there for years. You can only really get in trouble if you don't have it while driving, and in that case I probably won't have my driving license either because it's in my wallet as well.
> people are required to carry it on themselves at all time if they are outside
... while in other countries there is an ongoing discussion about whether it is against the Constitution to (begin to) require showing an ID when voting!
Are you sure of that? There is an almost finished call for algorithms right now from NIST, because RSA and elliptic curve are known to be broken by quantum cryptography.
While you might not personally believe this to be true, it's not a good design decision to enforce upon the entire world a concept of identity that many security professionals will tell you is broken at scale.
This doesn't even address key management issues such as rotation, theft, loss, planting, etc.
You will have to have an Equifax like service that will do the mapping.
But then how do you prove to them that you are who you say you are in order to map you to your public key?
Back to, SSN, driving license and what not.
Edit: I don't think having a governmental service dealing with thousands of people every day (lost keys, etc.) is something that is going to happen in the US.
In the United States, at least, the U.S. Postal Service is in a unique position to "pivot" to being an identity and "trust" provider. They already provide a physical-to-identity "mapping" service for the vast majority of Americans.
> In the United States, at least, the U.S. Postal Service is in a unique position to "pivot" to being an identity and "trust" provider.
The USPS is nowhere near equipped to handle this. And there's no way I'd trust them to be competent enough to handle the task with the level of security that it would entail.
> They already provide a physical-to-identity "mapping" service for the vast majority of Americans.
They really don't. Even if we ignore the fact that one's identity is completely separate from the question of where they reside, the USPS has no way to verify residence. They don't even really have a way to verify mailing addresses, which is at least a more well-defined problem than residence.
> And there's no way I'd trust them to be competent enough to handle the task with the level of security that it would entail.
Why? Obviously it would be a big undertaking, but the post office already issues US Passports. I'm not sure what you mean by "verifying mailing addresses" because the USPS does provide a way to verify the correctness and deliverability of an address [1].
The point is that the USPS would be in a good position to become the government body that implements a national identity service.
> but the post office already issues US Passports.
The State Department issues US Passports, the Post Office merely accepts your applications on their behalf.
> I'm not sure what you mean by "verifying mailing addresses" because the USPS does provide a way to do verify the correctness and deliverability of an address [1].
It's only vaguely tied to identity. I have my physical address, but because I live in an RV park and move often, I don't actually receive mail there. In about half of the locations I've stayed, you _can't_ receive mail there.
I use a private mailbox along with a mail forwarding service in order to receive postal mail.
It is used to solve the problem of sorting and routing mail, which is really what the Post Office spends most of their effort on. Every postal address in the US can be uniquely identified by an 11 digit code: your ZIP+4 and the last two digits of your house number, but it completely ignores multi-tenancy and has no provisions for linking to identity.
The post office does not issue passports, the US Department of State does, it literally says right on the passport that it's issued by the Dept of State. Additionally, there's a whole host of government buildings that accept your passport application that aren't the post office. I submitted mine at the county clerk's office.
Have you ever filled out a form that uses that system? It will be rejected if you use any "weird" characters. You know, characters like a period after the abbreviation "St." for "Street". It's ludicrous.
>The USPS is nowhere near equipped to handle this. And there's no way I'd trust them to be competent enough to handle the task with the level of security that it would entail
Is that more market ideology ("public services are by necessity so dumb") speaking, or is there something specific with the US postal service?
>"In the United States, at least, the U.S. Postal Service is in a unique position to "pivot" to being an identity and "trust" provider."
The US Postal Service is most certainly not in a unique position to "pivot" to being an identity and "trust" provider.
It's actually quite unbelievable to think that a bloated organization with 500K employees[1] that relies on manual and mechanical processes can "pivot" to become a tech organization providing digital identity management.
The USPS "pivoted" to delivering junk mail for direct marketers years ago. Given that their largest customer is direct marketing, that alone makes them rather unfit to be an "identity provider."
The USPS government mandate is delivering mail and despite having a government sponsored monopoly to deliver mail to mailboxes it still loses money hand over fist[2].
Because unlike an SSN, you never hand out your private key. Ever. Instead, you encrypt things with your private key, and whomever you are validating your key to looks up the public key, decrypts your message, and has their proof.
The public keys can be stolen all day long and they're the only part of the equation that needs to be stored anywhere long term. The private keys are just that; truly private, and ideally extremely difficult to steal.
Yes, there will need to be a public service to manage the public keys, and yes this will be able to be compromised in some dangerous ways, but not quite so dangerous as "Whoops, everyone's SSNs are lost, now any attacker can impersonate them because that's all they needed."
If you think they're going to be difficult to steal you're crazy. They will sit unsecured on personal computers in some folder on the Desktop waiting for any malware to scoop them up. They will overnight become the highest value target for hackers.
This is even before we talk about how to handle the huge number of people who will lose or delete them.
Tech can't solve this problem. Any system that requires a secret won't be.
> They will sit unsecured on personal computers in some folder on the Desktop waiting for any malware to scoop them up. They will overnight become the highest value target for hackers.
Most modern phones have secure elements that can generate and store a private key that cannot be extracted through software. Also, it is easy to set up things such that a physical confirmation is required to sign something (this is e.g. what some U2F keys or Touch ID do).
Of course, you still need a procedure to map public keys to identities and people need to secure their phones in order to prevent someone stealing the phone to make signatures.
But using the secure element of a phone for various forms of authentication is orders of magnitude safer than relying on a credit card or social security number.
If you do something like this you actually need to be serious about it and establish a rigorous vetting/auditing process -- not just hand the contract to whoever donated the most to your election campaign.
Maybe set up a 3-year long NIST competition or something, like they do when choosing new crypto standards, and establish the winner this way.
The other side of the equation, allowing services to interface with these cards securely, is already being solved by the FIDO 2.0 spec.
With smart cards (EMV, PIV, etc.), cryptographic functions executed on secret materials are usually handled on the card. The host sends the data to be encrypted or signed to the card, requests the card to process it, and then reads the encrypted results or signature. Often, there are no ways to get the chip to send the private key off of the device. Once the private key is generated or loaded onto the device, it can only be erased or written over.
Standards like FIDO and others allow for browsers and websites to utilize these cryptographic functions of smart cards in ways to handle website authentication. The technology exists for smartcards to handle authentication, it is simply a matter of us moving to this technology.
That depends on the chosen smart card technology. Some smart cards are USB devices in themselves, such as YubiKeys or associated FIDO-certified devices. Otherwise, you may want or need a smart card reader to read cards in a similar format to what you see on chip-based credit cards.
USB smart card readers are fairly cheap. Many business-focused laptops have been available with smart card reader options for many years.
The same way you can currently do it with smartcards. When you insert your smartcard into the reader, it is being treated as a certificate. Most major browsers support this, I can vouch for Chrome and Firefox personally, as I use a smartcard for auth in them on a fairly regular basis.
Do you have any information on how you've set that up and which cards and readers you use? I've been thinking about playing around with a similar concept.
The government keeps a publicly available list of the public keys of the people in their jurisdiction. Even the government has no need to know the private keys of citizens. In a sense, a person's identity is the public key. You prove who you are to a third party by encrypting a challenge text provided by the third party. The only reason the government needs to be involved at all is to prevent a single person from having multiple identities, but with or without the government keeping track of the public keys, bank fraud is made exponentially more difficult, and has to be done on a one-by-one individual basis, rather than the situation today where a single hack exposes the credentials of millions.
That's false. By centralizing public keys under the purview of the federal government you have created a single point of failure that is susceptible to theft, spoofing, planting, and numerous other issues.
In Slovenia where I'm from you have to go to a government location, same place that gives out IDs and passports and such, show your government issued ID and sign some paperwork. You are then given a digital certificate that you can use for online banking and e-government stuff. Proper RSA stuff. You install it on your computer and your browser uses it to sign requests.
Seems like a pretty good way to do it, if you ask me.
A slightly more efficient, if less secure, way is how Apple does it for their Apple Developer program. You have to prove to Apple in a way they like that you are who you say you are, then you are issued a certificate with which to sign your apps. That could work too.
I think a dedicated device (e.g. smartcard or USB dongle) is a better option. I know they've had their problems, but personal computers get owned all the time, since they're simply too exposed.
The part I liked about the system in Slovenia isn't so much the particulars of where or how the certificate is stored, but about how it's issued. Since the bit I was answering was "But how do you map a key to a person"
You do that in person, at the fed/state agency, using facial tech, fingerprints, etc. Once you prove who you are, you get to submit a public key to the agency, which you can revoke at any point -- you take a unique key from them too, and some combination of the two you use when signing up for new financial accounts.
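Added example (mine, not code from any commenter in this thread) that puts three pieces of the discussion above into runnable Go: the smart card model where the private key never leaves the device and the host only gets a Sign operation, the government-kept public list of keys with an in-person enrolment step, and the holder proving identity to a third party by answering a fresh challenge, plus revocation of a lost card. The proof is implemented as a signature over the challenge using the standard library's Ed25519, which is the usual form of the scheme the comments describe. The type and function names (Card, Registry, Challenge, Prove, Verify), the identity label, the relying-party names and the two-minute validity window are assumptions made for illustration, not anything a real national scheme specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Card stands in for a smart card or phone secure element (assumed model).
// The private key is unexported and the only operation offered to the host
// is Sign, so the host, and any malware on it, never handles the key itself.
type Card struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewCard generates the key pair "on the card"; only Public() ever leaves it.
func NewCard() (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{pub: pub, priv: priv}, nil
}

func (c *Card) Public() ed25519.PublicKey { return c.pub }
func (c *Card) Sign(msg []byte) []byte   { return ed25519.Sign(c.priv, msg) }

// Registry is the public list: identity -> public key, plus revocation state.
// It holds no private material, so a leaked copy lets an attacker verify
// signatures but not forge them.
type Registry struct {
	keys    map[string]ed25519.PublicKey
	revoked map[string]bool
}

func NewRegistry() *Registry {
	return &Registry{keys: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

// Enroll is the in-person step: once the agency has checked the physical ID,
// it records the card's public key under that identity, exactly once.
func (r *Registry) Enroll(id string, pub ed25519.PublicKey) error {
	if _, exists := r.keys[id]; exists {
		return errors.New("identity already enrolled")
	}
	r.keys[id] = pub
	return nil
}

// Revoke marks a lost or stolen card's key as no longer accepted.
func (r *Registry) Revoke(id string) { r.revoked[id] = true }

func (r *Registry) Lookup(id string) (ed25519.PublicKey, error) {
	pub, ok := r.keys[id]
	if !ok {
		return nil, errors.New("unknown identity")
	}
	if r.revoked[id] {
		return nil, errors.New("key revoked")
	}
	return pub, nil
}

// Challenge is what a relying party (bank, web site) hands the holder. The
// relying party's name and issue time are bound into the signed bytes so a
// signature captured at one site is useless elsewhere and cannot be replayed.
type Challenge struct {
	RelyingParty string
	Nonce        [32]byte
	Issued       time.Time
}

func NewChallenge(relyingParty string) (Challenge, error) {
	ch := Challenge{RelyingParty: relyingParty, Issued: time.Now().UTC()}
	if _, err := rand.Read(ch.Nonce[:]); err != nil {
		return Challenge{}, err
	}
	return ch, nil
}

// bytes is the message actually signed: a domain-separated hash over every
// field, with a 0x00 terminator after the variable-length name.
func (ch Challenge) bytes() []byte {
	h := sha256.New()
	h.Write([]byte("national-id-challenge-v1\x00"))
	h.Write([]byte(ch.RelyingParty))
	h.Write([]byte{0})
	h.Write(ch.Nonce[:])
	h.Write([]byte(ch.Issued.UTC().Format(time.RFC3339Nano)))
	return h.Sum(nil)
}

// Prove is the holder's side: the card signs the challenge; no secret leaves it.
func Prove(card *Card, ch Challenge) []byte { return card.Sign(ch.bytes()) }

// Verify is the relying party's side: look the claimed identity up in the
// public list and check the signature against the challenge it issued.
func Verify(reg *Registry, id string, ch Challenge, sig []byte, now time.Time) error {
	pub, err := reg.Lookup(id)
	if err != nil {
		return err
	}
	if ch.Issued.After(now) || now.Sub(ch.Issued) > 2*time.Minute {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(pub, ch.bytes(), sig) {
		return errors.New("signature does not match registered key")
	}
	return nil
}

func main() {
	card, _ := NewCard()
	reg := NewRegistry()
	_ = reg.Enroll("citizen-42", card.Public()) // done at the counter, in person
	ch, _ := NewChallenge("bank.example")
	sig := Prove(card, ch)
	fmt.Println("genuine holder:", Verify(reg, "citizen-42", ch, sig, time.Now()))
	other, _ := NewCard() // attacker has the whole registry but not the card
	fmt.Println("impostor:", Verify(reg, "citizen-42", ch, Prove(other, ch), time.Now()))
	reg.Revoke("citizen-42")
	fmt.Println("after revocation:", Verify(reg, "citizen-42", ch, sig, time.Now()))
}
```

The point the code makes against the "one hack exposes millions" worry is in Registry: everything it stores is public, and an attacker who copies it still cannot produce a valid Prove output without the card. The failure modes the thread raises are the cases Verify rejects: a signature from a different card, a challenge replayed at another relying party or after its window, and a key that has been revoked after loss.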
Actually e-passports have (in 2017) a pretty competent public-key based issuing scheme behind them. You can read them with NFC and cryptographically authenticate the contents.
That's like saying how do you map a bitcoin to a person.
Public/private key cryptography and the blockchain.
Works great for bitcoins, would work great for identity.
A malicious actor can utilize a botnet to skew the crowdsourcing of trust, for example. In other words, in a WOT for identification, one's identification can be invalidated or stolen by someone who purchases cloud time.
Web-of-Trust means there's a link between you and the other entity. The number of people who trust something is not really relevant, so crowdsourcing wouldn't matter. I know there was a service called WOT that relied on that, but in my opinion they were simply misusing the concept.
A PGP WOT or the WOT that you refer to can be subverted. In the scenario of everyone's identification, the WOT covers everyone in the population, not a small WOT inside a relatively much larger population.
So your interactions with the other people in your life (which could be affected by breaches of privacy) are all going to be governed by public key cryptography? Look I like strong crypto but this is getting ridiculous.