by magmastonealex 1653 days ago
Canada Post, the equivalent of the USPS in Canada, offers exactly this service [1]

I've used it for Know-Your-Client type stuff with banks, but it is theoretically open to most if not all businesses. Every time I've needed to interact with it, it's been a straightforward process as a consumer.

[1]: https://www.canadapost-postescanada.ca/cpc/en/business/posta...


It would be amazing to see the current trust / code-signing industry fail and for something that integrates services like the one you linked to replace them.

I've always thought that a code-signing certificate tied to a natural person should be more valuable than one tied to a faceless corporation, but the industry is (poorly) built around selling high-priced certificates to anyone with enough money to start a business.

Imagine being able to get a code signing certificate in a single afternoon by signing up, taking your ID to Canada Post, and downloading your certificate after the identity verification is submitted. That would be quite the difference from the current awful experience where someone in a foreign country guesses and makes judgement calls based on the documentation you snail mail to them.

Here in Europe we have several countries with digital ID cards. You put your ID in a smartcard reader, you put in your PIN, and you can get your identity verified in a web browser.

Belgium has an identity service based on this. Governmental OAuth. https://www.csam.be/en/about-csam.html | https://iamapps.belgium.be/sma/generalinfo

They publish their own eID reader (middleware) and browser extensions. https://eid.belgium.be/en

Even with an official Linux version. :) https://eid.belgium.be/en/linux-eid-software-installation

In Sweden we have "BankID" that could be card based, but almost everyone has it in their phone. It is issued by the banks (hence the name?) since they have already vetted your identity. BankID is used almost everywhere, from online banking to signing your employment contract or collecting benefits when you're home to care for your sick child.

The post office used to issue normal identity cards, but today I think it's only the DMV equivalent and the police that do that.

Wouldn't people just get socially engineered into giving up their code signing certificate? Some ads along the lines of "give us your code signing certificate and be entered into a raffle for an iPhone" would probably work. Stand in line to get some document you'll never use, maybe win a gadget, and a few days later your name is being used to spread malware.

Basically, I don't think a natural person is enough protection against malice. Something like "stick 1 million dollars into escrow, and if someone uses your cert to spread malware, we keep it" is a much stronger incentive. (Not what's done, of course.)

You need to cater for those people; they will be the bulk of your clients and also need the most support. So make resetting it possible but not easy.

Or we could just have a modern ID card that already has a cert embedded in it, and skip the whole go-to-the-post-office step. Most big companies and the US Federal government have already figured this out for their own employees.

Keep the post office option for the folks that don't have an ID, but for most people, this would be the most straightforward option.

This does work for certain things, but for some things you don’t just want proof of possession of a particular person’s ID card, you want to see that a particular person matches the document they are presenting in addition to verifying that the doc is real.

I'd have to imagine that's exceptionally rare though. It would be semi-solved with a second factor to unlock the card.

Here in the Czech Republic the CzechPoint system kinda does that:

https://www.ceskaposta.cz/en/sluzby/egovernment/czechpoint

It's usually situated at post offices or local government offices and makes it possible to get a verified electronic signature that you can then use to prove your identity electronically. It can also access various government registries, etc.

Sagawa (a private courier in Japan) provides a similar service but at your doorstep. Basically the sender registers your info with them (mainly DoB) and upon delivery you have to provide an ID, which the driver checks against what's written on the envelope, then enters your DoB and other info and your ID number into a portable wireless POS device. Only if they match do you receive the package, and then I believe the info entered into the device gets relayed to the sender.

(Use your translation service of choice if desired.) https://www.sagawa-exp.co.jp/service/kakunin/