HackerTrans
TopNewTrendsCommentsPastAskShowJobs

myrion

no profile record

comments

myrion
·3 maanden geleden·discuss
I don't use old Reddit, and haven't noticed this behaviour either.
myrion
·5 maanden geleden·discuss
Well, yes, if they use something completely different to what's published and designed.

But no, we're not talking about the case where there's no trust at all in the government, because then you don't get verifiable credentials at all. We're talking about building privacy-preserving credentials that actually have a use.
myrion
·5 maanden geleden·discuss
That's not how that works - they can prove they check by showing logs, rather than VPs. There's even legal limits on what identifiers they can store and for how long. But even ignoring that, they'd be storing only very limited disclosures.

The base registry stores identifiers of issuers and verifiers, not credential holders.

Even the status register does not contain the tokens themselves:

> Within these status lists, each index (i.e., status entry) documents the validity of one VC. The corresponding index is captured in the VC’s metadata to allow for a decentralized status information retrieval that does not require verifiers or the VC holder to contact the issuer.

Of course, each issuer needs to maintain a list of the credentials they have issued in order to be able to ever revoke them. That's unavoidable.
myrion
·5 maanden geleden·discuss
In the Swiss system, it depends on what they verified. If they required your full ID, that has a document number like a passport and they could track that.

If they did the right thing and only asked for the over 18 bit, then they wouldn't have a trackable identifier.
myrion
·5 maanden geleden·discuss
There's no dynamic analysis done, necessarily. In the Swiss design, fex, SD-JWTs are used for selective disclosure. For those, any information that you can disclose is pre-hashed and included in the signed credential. So `over_18: true` is provided as one of those hashes and I just show this to the verifier.

The verifier gets no other information than the strictly necessary (issuer, expiry, that kind of thing) and the over 18 bit, but can trust that it's from a real credential.

That's not strictly a zero knowledge proof based system, though, but it is prvacy-preserving.
myrion
·5 maanden geleden·discuss
The revocation checking is implemented in a way where the government doesn't know who you checked and you can even cache the information (if that's good enough for you) so they won't notice at all.
myrion
·5 maanden geleden·discuss
That assumes the companies store the individual tokens, as does the government. Neither of which are part of the design, but could be done if both sides desired it.

The Swiss design actually doesn't store the issued tokens centrally. It only stores a trust root centrally and then a verifier only checks the signature comes from that trust root (slightly simplified).
myrion
·6 maanden geleden·discuss
Schweissen und löten. Has nothing to do with Switzerland (Schweiz) ;)
myrion
·8 maanden geleden·discuss
Because politicians make laws, and those affect the "legal hurdles" that companies need to deal with.
myrion
·9 maanden geleden·discuss
Considering that companies will do everything to avoid doing sensible things that cost money - yes, of course the government has to step in and mandate things like this.

It's no different from safety standards for car manufacturers. Do you think it's ridiculous that the government tells them how to build cars?

And similarly here: If the company is big enough / important enough, then the cost to society if their IT is all fucked up is big enough that the government is justified in ensuring minimum standards. Including for backups.
myrion
·vorig jaar·discuss
There's no much difference between the two positions, and the former is very much a lead-in to the latter.
myrion
·vorig jaar·discuss
FIDO authenticators. If the "autofill" doesn't work, you can't be tricked into overriding it.
myrion
·vorig jaar·discuss
Great and simple UI, synced across all your devices (which is what ended up killing RSS in f.ex. Thunderbird for me).