DownGoat | 2 years ago

BankID is mostly snake oil. It's not really much more than TOTP 2FA, where you have to have shown physical ID to some of the involved organizations at some point. All the stuff they do with keys is pointless in the end, and is just theatrics to make it sound safe.

The providers hold all the keys, you cannot verify that a signature is legit yourself, you won't get access to the keys they use to sign things, and a cryptographic signature is not really the same as a normal signature on a document.

bertil|2 years ago

I don't think anyone assumes it's any different than what you describe: a centralised, official server that lets users authenticate.

You might have wanted something else, but it's never been presented as a decentralised or open solution.