←back to thread

I read the federal government’s Zero-Trust Memo so you don’t have to

(www.bastionzero.com)
656 points EthanHeilman | 3 comments | 27 Jan 22 15:06 UTC | HN request time: 0.001s | source
Show context
adreamingsoul ◴[27 Jan 22 18:02 UTC] No.30103816[source]
Here in Norway we have BankID which uses MFA. To access any government, banking, or official system you have to authenticate with your BankID.

Its simple amazing.

replies(8): >>30103945 #>>30103980 #>>30104019 #>>30104025 #>>30104329 #>>30104701 #>>30104874 #>>30113601 #
1. brimble ◴[27 Jan 22 18:12 UTC] No.30103945[source]
There's significant bi-partisan resistance, in the US, to anything like a national ID, unfortunately, with the result that we have one anyway (because of course we do, the modern world doesn't work without it) it's just an ad-hoc combination of other forms of ID, terrible to work with, heavily reliant on commercial 3rd parties, unreliable, and laughably insecure. But the end result is still a whole bunch of public and private databases that personally identify us and contain tons of information—kind of by necessity, actually, since our ID is a combination of tons of things.

It's a very frustrating situation. Worst of both worlds.

replies(1): >>30105029 #
2. seniorThrowaway ◴[27 Jan 22 19:27 UTC] No.30105029[source]
I've done some thinking about this, and a possible solution is a bunch of cross signed CA's like the Federal common policy / FPKI for cross trust amongst federal agencies, but done at a state DMV / DPS level. Driver's licenses / state IDs could have certs embedded into the cards and then be used for things like accessing government websites, banks, etc. Yes there are some access concerns, and some privacy concerns that this is in essence a national ID, but what we have now is horribly broken, and we're already being tracked. We get all the downside of pervasive tracking, but none of the upside.
replies(1): >>30106094 #
3. currency ◴[27 Jan 22 20:31 UTC] No.30106094[source]
Would that look anything like the REAL ID system?[0]

[0]https://www.tsa.gov/real-id