> This is covered by allowing for single-use credentials.
They said There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.
> Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs.
The comments you replied to omitted mass surveillance. But the article and 1st comment included it. The government would know what wallet requested each single use identifier.
> The government would know what wallet requested each single use identifier
Which only means that the government knows how many tokens each citizen consumes on average. They don't know where each identifier was used nor the exact timestamp unless each website communicates this to the government, and such a backchannel does not exist in the spec.
They said There are proposed mitigations like issuing multiple sets of credentials or rotating them, but we're not going to get an infinite number of keypairs for every website or session in the secure enclave in practice.
> Basically, the wallet requests a batch of single-use eIDs that all use different device key-pairs.
The comments you replied to omitted mass surveillance. But the article and 1st comment included it. The government would know what wallet requested each single use identifier.