alt Hacker NewsThat would be nice, but how would the bank verify the signature? It's the same old key exchange problem all over again.
In any case, that's not what I was suggesting. I was simply suggesting that banks shouldn't be allowed to force you to depend on certain apps or app stores to get access to your money. Similarly, schools shouldn't be allowed to force you to depend on certain apps or app stores to take proper care of your kids.
> That would be nice, but how would the bank verify the signature? It's the same old key exchange problem all over again.
I suppose you could print your public key as a QR code on a piece of paper, or display it on a phone, or use a USB security key device, and physically give it to an authorized employee at a local bank branch. Or if there is a way to electronically open an account you submit it then, along with whatever other proof of identification is deemed acceptable. I think root of trust has been, and always will be, a hard problem. It's just about finding the acceptable level of risk. Security is weaponized inconvenience.
Edit: Just to think down that road a little further, I expect the issue exists because the solution chosen by the school/bank/gov't/business will not be the optimal one for users, but the most expedient for the org. They're going to do the lazy thing that works for 80-90%, because there currently is no better alternative that they can implement with minimal effort.
If we look at the past we see that postal mail and telephones became standard methods of communication, but you could always walk into an office somewhere and handle business in person. Now that last default is quickly being phased out. So what should be final fallback method of communication?
So I see two problems: there is no better way, and there is no required minimum. Both need to be solved.