Re: [tlug] OT: Japans digitilization

[furkan@example.com]

On 2020-09-28 10:37, Benjamin Kowarsch wrote:
> On Mon, 28 Sep 2020 at 10:00, <furkan@example.com> wrote:
>
> > * authencity is inunderstandable for ordinary people (must be
> > provided)
>
> Note, however that telephone numbers (and thus fax numbers)
> can just as easily be spoofed as email addresses. One cannot
> deduce authenticity from either.

Yes.. Also very easily MITM'ed and hard to detect.
For some reason, people didn't fear it being spoofed that much. Maybe
not exploited a lot?

> Of course a personal hanko can also be reproduced with relative ease.
> Signatures are harder to imitate. Perhaps we should use fingerprints
> :-)

I was thinking (maybe wrong, but) that they are relying on micro details
of hankos, hoping that it's not plastic with no distinguishable surface.

> > * Some governments are just issuing passwords. Use your government
> > issues ID number and password, after that, whatever you do, is
> > "authentic".
> >
> > (many features)

The approach, especially multi PINs (guessing multiple private keys 
inside),
etc. are very good ideas.

Online usage, is found to be quite impractical, requiring smartcard 
readers.
Although I don't agree that it is impractical, it's just not widely used 
yet.
IMO it's a good trade of convinience. (I should get a reader and start 
using
myself to have better idea)

I wish I could register any private key that I could generate and manage
myself with government offices. That'd be great. Even GPG pubkeys, so 
they
could send encrypted email to me (although it would create a source of 
many
more problems to deal with, and troubleshooting guides they need to 
prepare
beforehand, workarounds for completely lost/inaccessible keys, etc.)

--
Furkan Mustafa
https://rainlab.co.jp