Hacker News new | past | comments | ask | show | jobs | submit login

Yes, it's officially supported by providing everyone the possibility to sign documents with it. It was made an EU-wide standard in 2016 https://www.etsi.org/deliver/etsi_en/319100_319199/31916201/... but previous iterations have existed since 2002.

The person you replied to is pretty much right, Estonian ID-card has solved 99.99% of authentication and signing problems for it's citizens, the support is mandated by law and very widespread. There are a few flaws but those are minor compared to the softly put clusterfuck rest of the world is dealing with.




Flaws like this? https://arstechnica.com/information-technology/2017/10/crypt...

I support such uses of smartcards, but we have to be disciplined regarding our assumptions about non-repudiation.


I'd rather not start compiling a list of password-username database thefts, credential stuffings, identity thefts, forged paper signatures, the time lost to inefficient paper procedures, secrets stolen due to how hard it is to encrypt things etc. etc. etc.

Of course we have to be disciplined, but other things can't even remotely reach the security such a solution provides. Your comment has very FUD-y undertones, rising concern about a very minor thing if you actually look at how much it solves and how much better it is compared to other widespread applications.


I'm extremely enthusiastic about smartcards, even trying to build a startup around making it easier to deploy and build services around smartcard-based authentication and key management. I agree that in terms of overall security they're incomparable to the existing mess. But, fair point--I flubbed attempting to articulate a tangentially related concern.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: