[Avamander]

> Have you set up client side certs? I'd love to hear your experience if so.

Entire Estonia and a few other countries use them daily. For logging into banks, Craigslist-equivalents, online stores, service providers etc. etc.

[mooreds]

Thanks for the pointer. Here's an interesting article on using the Estonian client cert:

https://wandernauta.nl/2015/08/27/estonian-id-with-nginx-and...

[chrisshroba]

Interesting! Why does the distinction of a country matter here? I mean - why would using client side certs be something a country as a whole uses, as opposed to a certain type of company or something? Does it have to do with some sort of national firewalls or anti-encryption laws?

[LilBytes]

Estonia went electric everything for... Well. Almost everything.

https://en.m.wikipedia.org/wiki/Digital_signature_in_Estonia

https://e-estonia.com/solutions/e-identity/

[chrisshroba]

Cool! Thanks for the links.

[tarjei]

Some countries implement verified authentication schemes for their inhabitants that can be linked to both government and private services.

I.e. you have one login to use when filing taxes, getting health data, social security, interacting with your local school etc.

[Avamander]

It has to do with widespread deployment and a central trust authority - that the specific citizen holding the specific citizen's cert. Service providers don't have to deal with the massive pain that is identity verification, there's no cumbersome stuff like faxing someone a gas bill to prove their identity.