[at612]

> Just get the national government to distribute RSA USB keys to every citizen.

I lived in a country that did exactly that. And it was a disaster. The keys were trivially easy to steal, even by accident (personal experience here), and you still have the same trust problem as before, except that with a central authority now you do not have as much control.

I have also used the electronic-signature-comes-with-your-ID-card thing, and it was a similar disaster, with dodgy drivers and half-arsed crypto implementations in common software. E.g., try using the same token in Firefox and Thunderbird (or anything else) at the same time.

PGP is fine. It's just that proper security is not easy. And the same applies in the physical world as much as in computing.

[user5994461]

It's 2FA, it's doesn't rely ONLY on the key for authentication and a token can be revoked easy if stolen.

The implementation and the technology has some challenges to be executed. Just like everyone tech projects, that doesn't have GooMicroZon people. Nothing special ^^

[ryukafalz]

>The keys were trivially easy to steal, even by accident

So distribute keys on smart cards that don't allow you to export the key. This is what Estonia does, and - concerns about their election infosec aside - it seems to work pretty well.

[at612]

> So distribute keys on smart cards that don't allow you to export the key

That's what I covered in the second paragraph. :-)

The thing is, both those implementations were a disaster from either a technological or a security point of view. We're not even getting into whether a central source of trust is a good idea or not (you will look at the state of HTTPS and make up your own mind on that). So, to repeat, proper security is hard.

[drivingmenuts]

> I lived in a country that did exactly that.

Which country?

[vic-traill]

Interesting.

If you don't mind me asking, what country?