Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Proposed alternative - you get your own private-key as an identifier. Nobody ever can ask for the private key, they can only ask for a signed message that proves identity. Thus a lot of categories of fraud are no longer possible because there is no shared reusable number in the event of a leak.



In Denmark, you are issued a one-time pad. You get a new one with some frequency. If you lose it, you are issued a new one.

In that case, third parties could use a government website to get a row/col and ask you to verify, and the website could say yes/no. Yes, there is a risk of your one-time pad being stolen, but it is no greater than the current risk that any US citizen's tax documents or SS card can be stolen.


How do they bootstrap the verification when you say you lost your key?


You can read more here: https://www.wikiprocedure.com/index.php/Denmark_-_Replace_Lo...


That's an annoying denial of service attack; and you would typically do this by making the burn require very little authentication and the recovery a visit to a local government office, such as the police or a court.


What do you do when you lose your private key?

Who issues the private key? "get" implies it comes from somewhere, i.e. a CA system.

If the government is the CA system, and your private key is your identity, how do you establish your identity in the event that you lost your key?

The nice thing about SSNs being immutable is that none of these are concerns. (It's also the bad thing about SSNs being immutable.)


That and I can memorize my SSN.

We do have one thing in the US that’s physical proof, and that’s your birth certificate. But I’m sure people lose them and they can be pretty easily fabricated.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: