| ▲ | lxgr 12 hours ago |
| For anything as high stakes as eID you need real-time revocation checks, which brings you back to at least some level of centralization. |
|
| ▲ | j16sdiz 12 hours ago | parent | next [-] |
| I don't understand. We don't have real time revocation for passports, do we? In fact, we don't have real time revocation of any document until very recently... |
| |
| ▲ | xorcist 12 hours ago | parent | next [-] |
| We do. There are centralized databases of passport serial numbers, for blacklisting (revocation) or just persons of interest. |
|
| ▲ | lxgr 11 hours ago | parent [-] |
| For all countries? I was always wondering about that when doing one of these wonderful "take a selfie of you holding your passport" "authentication" procedures... |
| |
| ▲ | zirror 12 hours ago | parent | prev [-] |
| Don't we? We call somewhere and revoke the passport, at least in Germany. |
|
| ▲ | lxgr 11 hours ago | parent [-] |
| But does that propagate to every entity worldwide using passports for identification, including all non-government-affiliated companies and KYC providers? |
|
| ▲ | Muromec 11 hours ago | parent [-] |
| That's very true for a lot of PKI systems too. The revocation lists are published, but nobody is reading them. |
|
| ▲ | lxgr 2 hours ago | parent [-] |
| At least they exist. I've tried looking into this in the past, and I haven't really found any public passport revocation list, even of just numbers (i.e. without disclosing associated names or any other sensitive data). |
|
| ▲ | jdmoreira 12 hours ago | parent | prev | next [-] |
| Sure... but it should degrade to work when the central services are down. You should still be able to authenticate with each individual service when the centralised service is down. There is no reason why you shouldn't be able to log in to your bank under these circumstances. |
| |
| ▲ | Ekaros 12 hours ago | parent [-] |
| The Finnish system works like that. If the central system is down, I can still log in to the bank. But I cannot log in to, say, the tax or healthcare system. |
|
| ▲ | progbits 12 hours ago | parent | prev [-] |
| Revocation lists can be distributed. |
| |
| ▲ | lxgr 11 hours ago | parent | next [-] |
| Yes, but they still originate somewhere, and if that source goes offline, you're still at risk of accepting stolen credentials. |
|
| ▲ | VorpalWay 8 hours ago | parent [-] |
| Yes, but under the assumption that downtime is typically short (a few hours), that small risk seems better than a foreign nation state actor being able to block essential services like identifying with healthcare, or sending transactions. |
| |
| ▲ | 12 hours ago | parent | prev [-] |
| [deleted] |
|
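
The trade-off in the last sub-thread (a distributed revocation list whose source goes offline, versus a bounded outage), as an added example that is not part of the thread. It sketches a relying party that decides from a cached list with a grace window and computes how long a freshly revoked credential would still be accepted. The names, serials, timestamps and the 6-hour window are constructed assumptions, and the relying party is assumed to refresh as soon as the source is reachable again.

```python
"""Relying-party check against a locally cached revocation list (illustrative)."""
from dataclasses import dataclass
from enum import Enum

HOUR = 3600


class Decision(Enum):
    ACCEPT = "accept"
    REJECT_REVOKED = "reject: serial is on the cached list"
    REJECT_STALE = "reject: cached list is older than the grace window"


@dataclass(frozen=True)
class Snapshot:
    """One copy of the revocation list as fetched from a mirror."""
    revoked: frozenset   # revoked credential serials
    published_at: int    # Unix time the issuer produced this list


def check(serial: str, snap: Snapshot, now: int, max_age: int) -> Decision:
    """Decide without contacting the issuer: known revocations win, then freshness."""
    if serial in snap.revoked:
        return Decision.REJECT_REVOKED
    if now - snap.published_at > max_age:
        return Decision.REJECT_STALE   # fail closed once the grace window ends
    return Decision.ACCEPT             # keep working while the source is briefly down


def exposure_seconds(snap: Snapshot, revoked_at: int, source_back_at: int,
                     max_age: int) -> int:
    """Seconds a credential revoked at `revoked_at` is still accepted when the
    list source stays unreachable until `source_back_at`."""
    if revoked_at <= snap.published_at:
        return 0                       # already on the cached list
    accepted_until = min(source_back_at, snap.published_at + max_age)
    return max(0, accepted_until - revoked_at)


# Constructed sample data: one revoked serial, list published at T0.
T0 = 1_700_000_000
SNAP = Snapshot(revoked=frozenset({"C-1001"}), published_at=T0)

if __name__ == "__main__":
    print(check("C-2002", SNAP, T0 + 3 * HOUR, 6 * HOUR))
    print(exposure_seconds(SNAP, T0 + HOUR, T0 + 48 * HOUR, 6 * HOUR) // HOUR, "h")
```

The grace window caps the exposure: a longer outage turns into rejected logins rather than a longer period of accepting revoked credentials.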