alt Hacker NewsIn light of all of these shortcomings with platform attestation, why go with the eIDAS 2 wallet approach at all? eIDAS 1 already solved this with Mobile-ID (SIM-based, no Google/Apple dependency) and Smart-ID (server-side key management with minimal platform reliance). What does the wallet model give you that justifies this level of dependency on two American corporations’ proprietary backends?
Especially considering that mobile-ID has been around since 2007.
Replies
I’m sorry to lash out at you but I keep getting disappointed in European countries (more precisely the ever disappointing EU commission) all suffering of the NIH syndrome instead of collaborating and learning from each other
Isn't the eIDAS 2 wallet approach a legal requirement of eIDAS 2 (which is an EU regulation, i.e. the law).
SIM-based solutions are on their way out because phones are starting to lose SIM slots. Certifying eSIM implementations to the same EAL level (as Mobile-ID SIMs are) is way way too difficult. At least for one country doing it alone.
Smart-ID sucks. It's not truly hardware-backed, it's proprietary and has fundamental flaws like not having a direct link between the site being authenticated to and the authenticating device (auth can be proxied, just like if it were just plain TOTP).