top | item 47179222

(no title)

The Swedish BankID has the same potential weak point. Any centralised system does.

The way TLS on the Web works is better: as long as the CA is up some time during the period I need to renew it is fine. Digital IDs should really work that way (probably with relatively short life spans just like let's encrypt: the digital ID could need to be renewed once a week for example, and it would opportunisticly renew when less than half the time is left).

discuss

SkiFire13|2 days ago

Italy's digital ID (SPID) works by having multiple trusted providers that can attest your identity. You can sign up with multiple of them, and if one is not available you could use another one. Not perfect (it's still centralized in the hand of 10-20 providers) but better than nothing. Unfortunately most people only ever signed up with one provider, and the government is now pushing for a more centralized digital ID istead (CieID).

vidarh|2 days ago

All of these IDs in the EEA are based on a common set of EU requirements, and in theory that means multiple providers, but in practice in many countries the set of providers is small and with feature gaps. E.g. Norway has several providers, but they provide different levels of security and features, which means in practice most people rely on BankID...

10-20 is fantastic in comparison. Even if people don't have more than one it at least reduces the blast radius..

lxgr|2 days ago

For anything as high stakes as eID you need real-time revocation checks, which brings you back to at least some level of centralization.

j16sdiz|2 days ago

I don't understand. We don't have real time revocation for passports, do we?

In fact, we don't have real time revocation of any document until very recently...

jdmoreira|2 days ago

Sure... but it should degrade to work when the central services are down.

You should still be able to authenticate with each individual service when the centralised service is down.

There is no reason why you shouldn't be able to login to your bank under these circumstances.

progbits|2 days ago

Revocation lists can be distributed.

repelsteeltje|2 days ago

Agreed, there should not be a tight (temporal) couple.

But it's a trade off. Long-lived TLS certificates have always had the cert revocation problem. OCSP stapling never took off, so in the end the consensus seems to have been to decrease expiry date. (Mostly fueled by Let's Encrypt / ACME).

Relying on expiration rather than explicit revocation of course also assumes (somewhat) accurately synchronized clocks which is never trivial in distributed systems. In practice it put's pressure on NTP, which itself is susceptible to all kinds of hairy security issue.

I like to think of the temporal aspect as a fail-open / fail-close balance. These centralized solutions favour the former, and that's why we see this resulting outage.

designerarvid|2 days ago

BankID is not government backed, and most governmental agencies have alternatives to BankID as well.