> figure out how to extract the private key from the ID,
I never said the private key would be embedded inside the ID. In fact, I would think a paper copy at home would be most appropriate.
> Associating public keys with names
DMV, Passports, Banks, RealID already get our fingerprints. In fact, these could be SALT to the private key kept separate.
I hear your argument about centralization, but that genie is already out of the bottle. Making it better is a good idea, no? Also, if any vulnerability occurs, I can go back to DMV and register a new PP pair.
Still, I do like your idea of having PP pairs beyond just centralized entities. Start using them everywhere you have an account.
> I never said the private key would be embedded inside the ID. In fact, I would think a paper copy at home would be most appropriate.
As soon as such a thing existed, people would want to start using it for everything, and nobody is going to want to do cryptography with pen and paper. It would end up in a card or device people would carry on their person so they could use it and then it would be a huge theft target.
> DMV, Passports, Banks, RealID already get our fingerprints.
It's the same problem, you'd have a central database mapping public keys to fingerprints and then it's a single point of failure/compromise. The attacker could get your fingerprints from the DMV, associate their public key with them and then start impersonating you using two factor authentication because they have your fingerprints and the corresponding private key to the public key the DMV has on record for you.
Let each entity maintain the mapping themselves. Your employer has a computer that says the ID badge with public key 1234 is yours. You don't need the DMV to do anything there, and then nobody can cross-correlate anything and if anybody breaks it they only compromise one system.
> I hear your argument about centralization, but that genie is already out of the bottle. Making it better is a good idea, no?
Getting rid of it is a better idea. Or start by making the centralized system worse and more restrictive so people use it for fewer things and replace existing uses with decentralized alternatives, and then get rid of it.
> Also, if any vulnerability occurs, I can go back to DMV and register a new PP pair.
They stole all your money, broke into your company and stole the trade secrets, filed separate fraudulent claims against your home, life, car and medical insurance policies, took out a second mortgage on your house, sold the title to your car and gained access to your computer where they found some information they're now using to blackmail you.
You can go to the DMV and change your public key, but that's closing the barn door after the horse has bolted. Better that only one of those things happen than all of them, no?
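The per-entity mapping argued for above (your employer's own computer knows badge 1234's key; the bank has its own record; neither needs the DMV) can be sketched in a few dozen lines. The following is an added example written for this page, not code from any commenter: each relying party keeps a private map from its own account identifier to an Ed25519 public key, authenticates with a fresh random challenge, and re-enrolment replaces the key at that one entity only. The names `Registry`, `Enroll`, `badge-1234` and `acct-0042` are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registry is one relying party's own mapping from a local account identifier
// to the public key that account enrolled. Each entity keeps its own registry;
// there is no shared index tying an employer's badge to a bank's login.
type Registry struct {
	Name string
	keys map[string]ed25519.PublicKey
}

func NewRegistry(name string) *Registry {
	return &Registry{Name: name, keys: make(map[string]ed25519.PublicKey)}
}

// Enroll records (or replaces) the public key for a local account. Replacing
// is how a holder re-registers a new key pair with just this one entity.
func (r *Registry) Enroll(account string, pub ed25519.PublicKey) {
	r.keys[account] = append(ed25519.PublicKey(nil), pub...)
}

// Challenge returns a fresh random nonce. Signing it proves possession of the
// private key without the key ever leaving the holder's device or paper copy.
func Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// Verify checks a signed challenge against only this registry's own record.
func (r *Registry) Verify(account string, challenge, sig []byte) error {
	pub, ok := r.keys[account]
	if !ok {
		return fmt.Errorf("%s: no key enrolled for %q", r.Name, account)
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return fmt.Errorf("%s: signature for %q does not verify", r.Name, account)
	}
	return nil
}

// attempt performs one challenge-response login against r with the given key.
func attempt(r *Registry, account string, priv ed25519.PrivateKey) bool {
	nonce, err := Challenge()
	if err != nil {
		return false
	}
	return r.Verify(account, nonce, ed25519.Sign(priv, nonce)) == nil
}

// Scenario enrols one person with two independent entities using two different
// key pairs (constructed here; in practice generated on the holder's side),
// then shows that a key accepted by one entity proves nothing to the other and
// that rotating the key at one entity leaves the other untouched.
func Scenario() (map[string]bool, error) {
	employer := NewRegistry("employer")
	bank := NewRegistry("bank")

	workPub, workPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	bankPub, bankPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	employer.Enroll("badge-1234", workPub)
	bank.Enroll("acct-0042", bankPub)

	out := map[string]bool{}
	out["work key at employer"] = attempt(employer, "badge-1234", workPriv)
	// The work key means nothing to the bank: it holds its own, different record.
	out["work key at bank"] = attempt(bank, "acct-0042", workPriv)

	// The "go back and register a new pair" step, done at the employer only.
	newPub, newPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	employer.Enroll("badge-1234", newPub)
	out["old work key after rotation"] = attempt(employer, "badge-1234", workPriv)
	out["new work key after rotation"] = attempt(employer, "badge-1234", newPriv)
	// The bank's mapping is unaffected by anything the employer did.
	out["bank key at bank"] = attempt(bank, "acct-0042", bankPriv)
	return out, nil
}

func main() {
	res, err := Scenario()
	if err != nil {
		panic(err)
	}
	for k, v := range res {
		fmt.Printf("%-28s %v\n", k, v)
	}
}
```

The design point is in what is absent: no registry is consulted by another, so a compromise of the bank's table cannot be replayed at the employer, and nothing lets a third party join the two account identifiers to one person.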