I'm a little confused, can you help me understand something?
Assume you created a self-signed personal certificate and you use that to sign your emails.
What if I make a self-signed cert claiming to be you, and create an email address nmelo@gmail.com?
How would someone know which one to trust if there wasn't a third party to verify you're the real nmelo? Websites do this with trusted CA roots on their browsers.
Going back further, businesses do it with services like Dun & Bradstreet.
But personal?
What am I missing?
Absolutely. The important part is that certificates don't necessarily need to encode any personal information to be immediately useful as a factor of authentication.
The fact that a person controls the private key associated with the certificate should be enough to allow any given server to trust the certificate, if they have enough confidence that the private key is being securely stored by the user.
Now extend that to a personal certificate authority. As long as the server is able to trust that the Root Certificate and any Intermediate certs in that CA are controlled by the user, they should be able to trust certificates signed by that CA to authenticate that person.
Thanks for explaining, would you mind answering a follow-up?
> the fact that a person controls the private key associated with the certificate should be enough
Going back to my example of you and me both claiming to be the same person with our certificates, us both having a private key doesn't solve this problem. Who authenticates who is the real person? Or is that not the point of certificates?
> if they have enough confidence that the private key is being securely stored by the user
Or... is it that a self-signed cert just proves who owns the private key, and I'm putting too much into what a cert is supposed to be?
> and any Intermediates certs in that CA are controlled by the user,
ah, ok, so I can act as my own CA because I have the private key for the root of trust.
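The point made in the replies above, as an added shell example that is not from this thread: two certificates carry the identical subject "nmelo", but only the one that chains to a root whose private key the real user controls verifies, because the relying party pinned that root rather than matching on a name. It assumes openssl on PATH; every file name, subject and the config file are constructed for the example.

```shell
# Added example, not from the thread. All names, paths and the 'nmelo' identity are constructed.
set -e
WORK=$(mktemp -d) && cd "$WORK"
# Minimal OpenSSL config so the system openssl.cnf is not needed; -subj overrides the DN.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
EOF
# Fresh key plus CSR for the given file stem and subject.
csr() { openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null; }

# 1. The real user's personal CA: a self-signed root and an intermediate signed by it.
openssl req -new -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 365 \
    -keyout root.key -out root.pem -subj "/CN=nmelo personal root" 2>/dev/null
csr int "/CN=nmelo intermediate"
openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial -days 365 \
    -extfile ca.cnf -extensions ca_ext -out int.pem 2>/dev/null

# 2. The user's own signing certificate, issued by that intermediate.
csr leaf "/CN=nmelo/emailAddress=nmelo@gmail.com"
openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial -days 365 \
    -extfile ca.cnf -extensions leaf_ext -out leaf.pem 2>/dev/null

# 3. An impostor's self-signed certificate carrying exactly the same subject.
openssl req -new -x509 -config ca.cnf -extensions leaf_ext -newkey rsa:2048 -nodes -days 365 \
    -keyout impostor.key -out impostor.pem -subj "/CN=nmelo/emailAddress=nmelo@gmail.com" 2>/dev/null

# A relying party that pinned root.pem, and nothing else, decides trust by building a chain:
# the subject name plays no part, control of the root's private key does.
verify_against_personal_ca() {
    openssl verify -no-CApath -CAfile root.pem -untrusted int.pem "$1" >/dev/null 2>&1
}
# True when two certificates carry identical subject names.
same_subject() {
    [ "$(openssl x509 -in "$1" -noout -subject)" = "$(openssl x509 -in "$2" -noout -subject)" ]
}
same_subject leaf.pem impostor.pem && echo "identical subjects, yet:"
verify_against_personal_ca leaf.pem && echo "leaf.pem: trusted (chains to the pinned root)"
verify_against_personal_ca impostor.pem || echo "impostor.pem: rejected (no path to the pinned root)"
```

Swapping root.pem for the impostor's certificate in the -CAfile argument flips the outcome, which is the whole question: who the relying party chose to pin, not what the certificate says about itself.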