[jerf]

The CAs have been hacked. Multiple times, in several different ways. And that's just the public ones we know about, which I have no reason to suppose are all of them or even necessarily a significant fraction of what we would consider compromises. At the scale of "everything done on the internet" or "all the money" you can't wave this issue away. It is difficult, if not impossible, to build a security system that is more expensive to break than "all the money and value in the world".

A government identity to do business with the government might just about be possible. A government identity to cover everything done by everyone everywhere is not. The value of cracking that system is just too high.

[Muromec]

> A government identity to cover everything done by everyone everywhere is not. The value of cracking that system is just too high.

So the value of the system being broken is too high, yet we live in a world where it's broken, as anybody can make a photoshop of your driving license? I'm sorry I don't get the argument.

[jerf]

Basic principle of security: A security system should be more expensive to break for the attacker than the value of the thing it is securing to the owner.

This is generally a counter to people using binary thinking and believing that a security system is broken if there is any way in at all, thus thinking things are either in the categories "secure" or "insecure" without any further qualification. In fact those categories don't exist. It is intrinsically at a bare minimum a spectrum of security, and one can slice & dice more finely if one likes based on what sort of attacks various different types of attackers can mount, e.g., defending against whole-internet scans is one thing, nation-state attackers specifically targeting you quite another.

I'm using it in a different way: When what you want to lock behind your security system is essentially "all economic value in the world", such as "we'll solve all identity problems on the internet by just having the government provide identities", that means you need to create a security system that is more expensive to break than "all economic value in the world". However, you can't. Any conceivable security system is easier to break than that.

There is a sense in which it is simply necessary that there be a wide variety of independent identification systems, each individually covering sufficiently small amounts of value that they are possible to exist at all, and with a diversity of costs and strengths to cover the various cases.

[Muromec]

>When what you want to lock behind your security system is essentially "all economic value in the world"

Do I really?

[jerf]

Perhaps you are not a native English speaker, this may help you: https://en.wikipedia.org/wiki/Generic_you

[Muromec]

I think the fault of arguing with obnoxious people on the internet to learn that they are also rude is totally on me.

[sgift]

It's a classic fallacy of "the old one may be extremely bad, but it's already there, so it's okay, but the new one needs to be perfect against anything any scenario someone can think about, no matter how far fetched". We have this pretty often here in Germany. The requirements for anything digital are so incredibly high compared to the non-digital version we have currently/had before (depending on whether we finally managed to introduce a digital version), it's just sad.

Let me send you that totally secure fax with my totally secure signature drawn by hand. Far more secure than a digital document signed by this scary, newfangled electronic signature, which could have been hacked and is therefore totally insecure.

[Spivak]

And because of that a photo of your driver's license is at best a low-pass filter. A central identity system where you get strong identity verification will be relied on for real security and authentication making it a properly juicy target the level of Gmail for account compromises but the real life security of Verizon issuing phone numbers and sim cards.