In Latvia, we have multiplatform app that can read e-signature from your ID card. Not ideal, but still what author would approve, I think. I'd prefer 2-FA using code generator.
The problem with these also end up being like. Does that app share info with third parties? Who made the security chip in the IDs. How fast are the IDs replaced when vulnerablities are found?
I don't really get putting cryptographic IDs into citizen identification. There's not much it provides other than, "well someone had this ID and knew some pin when this ID was used".
The unfortunate side effect of this is, less technical people might see a digital signature as a full and complete proof. While it definitely is not.
> The unfortunate side effect of this is, less technical people might see a digital signature as a full and complete proof. While it definitely is not.
It's far better than the status quo where easily forged documents (passports, driving licences, utility bills) that have a validity period of 5-10 years are considered infallible proof of everything.
In addition, it being cryptographic could mean that you no longer have to share any more data than necessary.
Let's say that you want to implement age verification - all you need is for the card to sign a challenge saying that the user is old enough (which the backend can verify based on public keys published by the government) without having the card reveal anything else.
