I had a thought awhile back. In the vast majority of uses, identity is exactly the issue. Yet in the vast majority of compromises or problems, the problem is correlation and combination of data. By this I mean it seems to me that, say, the Social Security Administration needs to be able to identify a citizen in order to know whether and how much they need to pay a person of a certain identity to avoid paying the wrong amount, the wrong person, double-paying, etc. There does not need to exist an identity which spreads beyond that. Your credit card company does not need to use the same identity and a unique identity which functions solely within the context of the credit card account is all that is needed. Instead, we have identities that get spread across multiple services even though there is never any actual need to relate or correlate the activity across those services. This seems like the sort of situation that cryptography can solve, although obviously there would be a lot of usability work to be done. But it seems to me that cryptographically unrelatable distinct identities which has only 1 possible point of aggregation (you) is what is needed.

I've heard that in Japan, stamping with your personal stamp is accepted (and perhaps sometimes even required?). They have made electronic gadgets that store their stamps as images so that they can directly sign (stamp) an electronic document (using a specific input device).

I think we should have something like this, but with a personal certificate instead of an image. Of course I guess it requires some logistics (lost/stolen stamps, expiration dates, perhaps the stamp should be activated with fingerprints...).

Isn’t this equivalent to stamping PDFs with your signature like we do elsewhere ?

Also the stamp has to be registered to have legal value, which makes it tough to change.

But your idea of signing with the result of some personal certificate is very nice. It can be checked by crypto, different everytime, and wouldn’t matter how it is signed, if it’s easy to reproduce the content etc..

> Also the stamp has to be registered to have legal value, which makes it tough to change.

This is not actually true. Some stamps need to be registered (for example the stamp for corporation), but personal stamps for most applications don't need to be registered -- even for bank accounts. I have several and I'm always forgetting which one I used for my different bank accounts :-P.

One of the strange things about Japanese stamps is that if you let someone have your stamp, then it is considered that you have given them permission to do whatever they want with that stamp. The very fact that they have the stamp means that they are authorised. I got very angry at my previous employer (the government, no less) when my contract was over. They demanded that I give them my stamp I had used for stamping my time card. It happened to be the one I used for my bank account too (because I was clueless at the time!) It took me a couple of months to work around that. If you are ever working in Japan, treat your hanko (stamps) exactly the same way you would treat your encryption keys: use a different one for each application if possible.

As far as I know the registering part is mandatory for legal use but lets the accepting party decide to check it or not.

For instance as you point out for banks you can open an account without any check (you’re giving them money) but you won’t get a mortgage without proof of registration (they’re taking the risk)

At a previous company my boss had his company stamp (a shachihata) in a drawer for us to use when he’s not there. It’s interesting because by the rule of law we would be the one in fault for using someone’s stamp, so it better be for stuff he approved verbally or other ways.

Too bad anyone can access your stamp if you simply lose it. When I first saw the stamp thing for myself, I couldn't fathom how anyone would consider that secure. Better than a signature? Maybe. But easily reproducible and too tangible to consider safe.

See the examples below in discussion with personal certificates and signing keys embedded in gov't ID chipcards of certain European countries, Estonia has this for more than a decade already and now many more countries have something like this.