Giving people an official RSA keypair in their smartcard government IDs is fine. That solves all sorts of problems, and enables a bunch of really cool tech.
Requiring that every public key used in any context be registered with the government, or worse, some sort of key escrow, is a totally different matter.
I was thinking less “everyone must register all their public keys, and you can’t have a second identity with its own key” and more “everyone has to have at least 1 public key officially associated with them so that they can sign things and be sent stuff securely.” And that Estonian system sounds pretty cool.
Well the former pretty much describes the current state of affairs. Anyone with a government ID card or national healthcare ID probably has a chip embedded with an escrowed signing key. There’s really nothing unique about Estonia here—they’re using the same system everyone else is using. Even if your country, like the USA, doesn’t have a national ID of some kind or doesn’t have a chip embedded, your passport does. The international standard governing “smart passports” being issued by just about every country in existence for the past 5-10 years includes embedded digital signature capability.
Now I don’t really know how to estimate the probability of sliding into the latter case. I don’t see them as intrinsically connected however.
Giving people an official RSA keypair in their smartcard government IDs is fine. That solves all sorts of problems, and enables a bunch of really cool tech.
Requiring that every public key used in any context be registered with the government, or worse, some sort of key escrow, is a totally different matter.
I was thinking less “everyone must register all their public keys, and you can’t have a second identity with its own key” and more “everyone has to have at least 1 public key officially associated with them so that they can sign things and be sent stuff securely.” And that Estonian system sounds pretty cool.
What would you estimate the probability of ever having the former without the latter being? Of having that happy state last for more than a few years?
Well the former pretty much describes the current state of affairs. Anyone with a government ID card or national healthcare ID probably has a chip embedded with an escrowed signing key. There’s really nothing unique about Estonia here—they’re using the same system everyone else is using. Even if your country, like the USA, doesn’t have a national ID of some kind or doesn’t have a chip embedded, your passport does. The international standard governing “smart passports” being issued by just about every country in existence for the past 5-10 years includes embedded digital signature capability.
Now I don’t really know how to estimate the probability of sliding into the latter case. I don’t see them as intrinsically connected however.
Generating private/public key pairs is trivially easy.