I don’t see any key exfiltration CVEs on that list. Or anything that could be exploited in a way that is relevant to discussion of digital identity documents.
The biometric data doesn't leave the device in any of these protocols. Keybinding to TPM keys and Wallet provenance is used. I’m not sure you really understand how this works it sounds more like you have a basic FUD imagining a world where instead of literally uploading a photo of your drivers license you present a digitally signed certificate with the same info. I can’t really argue with FUD other than encouraging you to onboard an mDL version of your government ID and to try using it the next time you fly, provided you live somewhere where this technology has been made available. It’s demonstrably better and you can experience it or talk to someone who has today.
The biometric data doesn't leave the device in any of these protocols. Keybinding to TPM keys and Wallet provenance is used. I’m not sure you really understand how this works it sounds more like you have a basic FUD imagining a world where instead of literally uploading a photo of your drivers license you present a digitally signed certificate with the same info. I can’t really argue with FUD other than encouraging you to onboard an mDL version of your government ID and to try using it the next time you fly, provided you live somewhere where this technology has been made available. It’s demonstrably better and you can experience it or talk to someone who has today.