- "electronic signatures", which can be any electronic data used to sign, like a drawn signature
- "advanced electronic signature" (AdES), usually a type of digital signature (XML-DSig, PDF signature, etc.)
- "qualified electronic signature (QES), which is a digital signature created by a certified signature device
QES is legally equivalent to a "wet signature", but in my experience rarely used because of cost. AdES is much more common for high-trust scenarios like loan applications. For low-trust like package delivery, a signature (or smiley) drawn on a touch device will usually do.
The article does not mention passkeys, but they seem destined to be almost all of WebAuthn usage in the future, now that both Apple and Google support them. External FIDO keys will probably remain a niche solution for those with special security needs. But where does that leave the platform authenticator approach? It’s great that you can store the key on-device, but is it really worth it ti not use passkeys instead?
Not being able to automatically renew certificates seems like a rather minor point in the bigger picture.
I get QWAC goes against the trend of phasing out EV certs. But isn’t the real issue that the browsers don’t trust TSP audits carried out for EU member states?
Identity verification services usually combine document reading with something like a video selfie, which provides 1) a liveness check (you are a real person) and 2) a match against the digital image data that was read.
Is it possible to fool? Like anything it is a trade-off. Acceptable security for an acceptable cost. Hopefully it fulfills your security requirements and you saved a physical visit.
- "electronic signatures", which can be any electronic data used to sign, like a drawn signature - "advanced electronic signature" (AdES), usually a type of digital signature (XML-DSig, PDF signature, etc.) - "qualified electronic signature (QES), which is a digital signature created by a certified signature device
QES is legally equivalent to a "wet signature", but in my experience rarely used because of cost. AdES is much more common for high-trust scenarios like loan applications. For low-trust like package delivery, a signature (or smiley) drawn on a touch device will usually do.