mc2fool wrote:UncleEbenezer wrote:Wot, you mean like http://www.experian.co.uk/identity-and- ... cking.html or even like https://www.gov.uk/government/publicati ... vuk-verify?
(Disclaimer: I have been professionally involved in some of the technology behind those).
This tackles a rather different problem. The hard part of any cryptographic identity system is bootstrapping: I can prove that I'm the same "me" I was last time we communicated, but who am I in the first place? The UK government system appears to work without any strong check of that, so it doesn't really solve much.
If you've been involved then you'll know that there isn't actually a UK government system per se but that they've contracted out the checking to certified companies, each of which has different ways of verifying your identity (albeit with a lot in common).
Yes. My involvement is with underlying technology used by such companies.
But in any case, I'm not quite sure what you mean by the above, as verifying who you are is the very first thing the certified companies do. It's only once that's done they just get you to prove you are the same person they verified you were in the first place.
As an end-user, I signed up for government ID. That appears to be accepted for my tax returns. Yet I did all that online, without going through the kind of identity check I've needed for a passport, or even for signing up with a GP.
It was not a secure process. I was seriously taken aback at the lack of checking!
Damned if they do, damned if they don't.
Hmmm...I haven't heard anybody say, damn them, they verified my ID electronically instead of putting me through the grief and expenses of getting certified copies of my passport and council tax bill...
I have. People whose identity was fraudulently used. It's a recurring theme if you read/listen to investigative journalists.