by exabrial 1060 days ago
Guys, I appreciate the comment about EMV. I'm aware, but it misses the point. They need to be _my_ keys, and ones _I_ can pick and verify. If you don't generate the key, it's not actually secure.

At minimum, EMV would need to be verifiable. Ideally rotatable. Best case: chooseable.

2 comments

Until the UX problem is solved, making it infallible for noobs to manage PKI, it's probably better for the bank to manage it. Your ideal world at a minimum requires:

- an on-card UI. Yubikey-style one-button-tap is not enough, you actually need to verify the transaction details.

- integration with backend systems to support rotation and recovery because otherwise folks will screw this up and lock themselves out

There's a reason webauthn passkey has obfuscated PKI to oblivion, because they simply can't figure out how to entrust end users with keys.

To be clear, I'm a PKI fan and want all of these things to exist, but we're very far from it. In the interim, a bank-managed PKI is a welcome improvement.

I feel like if you want that, what you have to do is make a social change such that a number of people sufficient to form a marketable niche would even understand what you are talking about.

Like, I understand what you are talking about, most of the readers here understand what you are talking about, but I also understand that almost everyone else doesn't.