- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 14 Feb 2026 04:41:48 +0100
- To: NIKOLAOS FOTIOY <fotiou@aueb.gr>, Manu Sporny <msporny@digitalbazaar.com>
- Cc: public-credentials <public-credentials@w3.org>
FWIW, the EUDIW folks have addressed this issue by forcing verifiers to acquire a relaying party certificate. The roots for such certificates are maintained by the EU. That is, the EUDIW won't serve an "non-certified" verifier.
Personally, I believe this will seriously limit adoption, leaving us with photos of identity documents and gas-bills as the "workaround".
To make things worse, the conflation of payments and identity requires every Merchant to join the RP certification program as well. This may sound like a brilliant idea ("protecting you from rouge merchants"). However, existing payment systems delegate trust in Merchants to the Payment Network. Yeah, you may indeed authorize a payment to a bad actor, but the authorization won't go through which in practice accomplish the same protection, but in a simpler and much more scalable way.
On 2026-02-13 23:07, NIKOLAOS FOTIOY wrote:
>
>> No, that's government overreach into the private lives of individuals.
>> I should be able to show my government ID to anyone I choose to show
>> it to. It also works against the government because your credentials
>> become less valuable as less people can rely on them. How do you get
>> onto the verifier list? These are policy decisions that often get
>> gamed by large organizations.
>
> This is our fundamental difference in thinking. In my opinion individuals do not feel restricted for not be able to show their government ID, it’s the other way around: they do not want to show their government ID. In the real world there are restrictions who can ask your government ID. In my opinion it should be the same in the digital world.
>
> Best,
> Nikos
Received on Saturday, 14 February 2026 03:41:54 UTC