Hacker News

cryptonector 10/02/2024

Correct. In practice the latter isn't really possible because the issuer can always record the subject public key info, or the serial number, or a hash of the certificate, and they can then use that to identify the real subject. However, for low-value things I might use them.


Replies

AnthonyMouse 10/02/2024

No, you can do the latter. You literally have a secret that implies the bearer meets the particular characteristic (e.g. is over 18). They don't each get their own certificate; they all get the exact same one down to the last byte, so you can't correlate it with anything other than the group of people who are over 18.

But then there's nothing stopping any of them from sharing the secret with people outside the group.
