HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kjetil

no profile record

comments

kjetil
·3 yıl önce·discuss
In the EU (and EEA), eIDAS distinguishes between

- "electronic signatures", which can be any electronic data used to sign, like a drawn signature - "advanced electronic signature" (AdES), usually a type of digital signature (XML-DSig, PDF signature, etc.) - "qualified electronic signature (QES), which is a digital signature created by a certified signature device

QES is legally equivalent to a "wet signature", but in my experience rarely used because of cost. AdES is much more common for high-trust scenarios like loan applications. For low-trust like package delivery, a signature (or smiley) drawn on a touch device will usually do.
kjetil
·4 yıl önce·discuss
There is actually one more way to quit vim. If you only have one window open in vim, Ctrl-W Q will exit.
kjetil
·4 yıl önce·discuss
In practice, though, PAdES has a lot more support and has the crucial property of being easy to view by end-users.

Is there any wide use of ASiC?
kjetil
·4 yıl önce·discuss
The article does not mention passkeys, but they seem destined to be almost all of WebAuthn usage in the future, now that both Apple and Google support them. External FIDO keys will probably remain a niche solution for those with special security needs. But where does that leave the platform authenticator approach? It’s great that you can store the key on-device, but is it really worth it ti not use passkeys instead?
kjetil
·5 yıl önce·discuss
QWACs are for web sites, not users. CAs have to be audited as a TSP in order to issue them and be approved by the member state.
kjetil
·5 yıl önce·discuss
Are the TSP audit requirements less strict than what the browsers’ root programs require?
kjetil
·5 yıl önce·discuss
Not being able to automatically renew certificates seems like a rather minor point in the bigger picture.

I get QWAC goes against the trend of phasing out EV certs. But isn’t the real issue that the browsers don’t trust TSP audits carried out for EU member states?
kjetil
·5 yıl önce·discuss
Identity verification services usually combine document reading with something like a video selfie, which provides 1) a liveness check (you are a real person) and 2) a match against the digital image data that was read.

Is it possible to fool? Like anything it is a trade-off. Acceptable security for an acceptable cost. Hopefully it fulfills your security requirements and you saved a physical visit.