This is generally a counter to people using binary thinking and believing that a security system is broken if there is any way in at all, thus thinking things are either in the categories "secure" or "insecure" without any further qualification. See
Basic principle of security: A security system should be more expensive to break for the attacker than the value of the thing it is securing to the owner.
But it's all built on top of existing PKI infrastructure that has been used for decades to tackle the problem of district tax office doing shenanigans with your tax reports.
And of course the most no-brainer way to roll it out in a fragmented landscape of US is to let banks be OAuth2 providers, as they are already tasked with KYC stuff and have a license to lose.
Then there is Ukrainian Diia, which is kinda both and also bundles government services themselves and a digital ID generator into the same app. There is no rocket science involved - government agency sends you an activation code to your registered address and you activate the app. On the other side of the spectrum, there is Dutch DigiD, which is the only way to use any government service online and works either with pure and simple username+password or a second factor through the app. Federal agencies use smartcards internally, there is federal root and the copy-cat of that was successfully rolled out in different flavors in several countries in Europe as well. Or, to put it in SSL terms, each government has a root CA, that issues a sub-CA certificate to the card producers ("can issue certificates for #.de"), who in turn have the card provision its own public/private keypair, and then sign the card's public key to use as a sub-CA ("can issue certificates for #.").
Even US had it solved two decades ago on a peak of post 9/11 paranoia.
We'd additionally need a standard similar to what Germany and Croatia have done that allows a person to use their computer or phone as an NFC reader "proxy" to create a digital signature against a service-provided challenge that can then be traced back to the government's PKI. It's just a read-only dump of the data, signed with a certificate from the card issuer. The problem is that while ICAO 9303 is a standard to retrieve and verify the data, it's fundamentally based on the assumption that it is just used to retrieve the data written in cleartext on the card as well as the biometric data so that you can build a staff-less boarding solution for air and sea ports. These cards can be read by any NFC-enabled smartphone that can act as a reader, and the chips themselves can act as a secure element capable of a range of cryptography functions.
> Some sort of public/private key repository kept by licensing authorities would be a more preferable solution to me at an initial glance.
Everyone in possession of an ICAO 9303-compliant ID card / passport (so, at least everyone in Europe) already has such a thing.
Yeah, using bad (phone) photo copies of IDs in 2024 is the least problem with Swiss bureaucracy for me here, there seems to be a lot of ingrained trust in the system (which is great when it works). Literally untouchable folks.
And then other bureaucrat by chance picks up a phone and takes a look after a year during one desperate final call, balks in horror and WTFs, goes on 5 minute tirade full of apologies (I guess I could sue Geneva canton for undue stress on me and whole family since that shit was real we could be easily forced out), promptly does everything in 5 minutes. I tried naively to just go to the bureau but was literally kicked out of the building.
You see the process working on others within a few weeks yet you are stuck there, without any info apart from 'wait', without any option to anyhow contact the physical person handling your case, your main permit allowing your existence here expiring, yet the evidently lazy bureaucrat which sometimes picks up official phone for whole bureau doesn't budge a bit, stating 'there is no time limit how long this could take, bye'. I have a single proper horror story with otherwise flawless (yet nontrivial) Swiss bureaucracy - one of those situations where you are completely at the mercy of incompetent bureaucrat which couldn't care less, to allow just your basic existence in this country as a highly sought-after expat, since evidently solid past 12 years means nothing. Yeah, Suisse can be a bit weird - ultra modern stuff mixed with very conservative stuff from maybe 70s or 50s, not sure which century though.