Well, I can also give my younger brother my ID to sign up to a site he shouldn’t be allowed to. It’s not perfect either. The advantage of this method is that my digital ID that generates the certs can require authentication (e.g. a PIN, or biometric) and sign a single cert which is valid for a single instance (this minute of this day) for a single site. It’s still anonymous, since this can be signed client side, but it can’t be abused.
If someone maliciously leaks their own certificate, and people start using third-party software to sign stuff, that’s pretty dangerous, as your cert can be used to sign stuff with your ID attached as well if you want, meaning people could impersonate you for a lot of things, so you’d be pretty dumb to do that, and should report to the police that your ID has been compromised and get a new one issued.