[klabb3]

Why not just have the Secure Enclave in the ID card and use NFC to communicate with it? Think about it, you literally have dozens of computers between you and the provider. Routers, middleboxes, load balancers, servers etc, all insecure or untrusted, but somehow my device needs to have their special rootkit and hardware DRM. A separate device that can be provisioned with ID is the least to ask. If the government doesn’t trust me with my device, fine, but then return the favor - I don’t trust them either. Both governments and corporations that are gonna use this have long track records of invasive, often illegal spying - whereas my track record is letting people mind their own business.

[izacus]

This is exactly what the ID cards I'm talking about are. You tap them to the phone or a desktop reader and it works. You just invented something that already exists.

eIDAS just takes this one step further and gives you an option to not have to carry your card with you. But if you refuse to have an attested phone, then you pay those 20EUR to get the ID card (which you probably need for other uses as well) and move on with your life.

[klabb3]

> This is exactly what the ID cards I'm talking about are. You tap them to the phone or a desktop reader and it works. You just invented something that already exists.

Great, thanks for clarifying. Please be mindful not everyone are domain experts and we’re all (hopefully) trying to learn.

Now, do you know whether ID cards will work with the proposed German system for e2e online ID verification? My understanding from comments was that it doesn’t, and providers are free to require the app-based version.

In Sweden we have an app-based system now (BankID), and afaik there are no alternatives that work reliably. You have to buy an American phone every few years to participate in basic societal functions. However, the government is ”looking into” decoupling digital identity from (1) banks and (2) mandatory hardware manufacturers (iOS/Android).