> The challenge is how do you revoke a certificate which was used to issue millions of ID cards/passports once it leaks? Does everybody suddenly not have a "valid" ID proof?
Revocations always come with a revocation date. Only passports issued after that date would be invalidated. The issuance dates could be proven with cryptographic timestamps.
There is a trade-off between false positives and false negatives when choosing the revocation date of the issuer certificate. With OCSP, you could also revoke all the individual IDs that are not known-good (known to have been issued legitimately).
Of course, a world-wide interoperable passport scheme is unlikely to be designed with such an elaborate verification system, and maintaining registries of all legitimate IDs comes with its own risks.
In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
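The revocation-date check described in the comment above, sketched as an added example (not code from any poster in this thread). HMAC stands in for the timestamp authority's signature, and every key, serial and date is constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed values. HMAC stands in for the timestamp authority's signature;
# a real scheme would use asymmetric signatures (e.g. RFC 3161 tokens).
TSA_KEY = b"constructed-tsa-key"
REVOKED_AT = datetime(2024, 6, 1, tzinfo=timezone.utc)  # chosen revocation date
KNOWN_GOOD = {"P-1001"}  # registry of legitimately issued serials


def tsa_stamp(doc: bytes, when: datetime) -> bytes:
    """The timestamp authority binds the document hash to the time it saw it."""
    msg = hashlib.sha256(doc).digest() + when.isoformat().encode()
    return hmac.new(TSA_KEY, msg, hashlib.sha256).digest()


def check(serial, doc, stamped_at, token, require_known_good=False) -> str:
    """Decide whether an ID signed by the revoked issuer key is still valid."""
    # The issue date printed in the document proves nothing: whoever holds
    # the leaked key can backdate it. Only the independent timestamp counts.
    if not hmac.compare_digest(token, tsa_stamp(doc, stamped_at)):
        return "reject: timestamp not verifiable"
    if stamped_at >= REVOKED_AT:
        return "reject: issued after revocation date"
    if require_known_good and serial not in KNOWN_GOOD:
        return "reject: not in known-good registry"
    return "accept"


def demo() -> dict:
    t_old = datetime(2020, 3, 1, tzinfo=timezone.utc)
    t_leak = datetime(2024, 5, 1, tzinfo=timezone.utc)
    t_late = datetime(2024, 7, 1, tzinfo=timezone.utc)
    legit = b"serial=P-1001;issued=2020-03-01"
    forged = b"serial=P-6666;issued=2020-03-01"  # backdated with leaked key
    return {
        "legit": check("P-1001", legit, t_old, tsa_stamp(legit, t_old)),
        "forged_late": check("P-6666", forged, t_late, tsa_stamp(forged, t_late)),
        "forged_fake_token": check("P-6666", forged, t_old, b"\x00" * 32),
        "forged_early": check("P-6666", forged, t_leak, tsa_stamp(forged, t_leak)),
        "forged_early_ocsp": check("P-6666", forged, t_leak,
                                   tsa_stamp(forged, t_leak), True),
    }


if __name__ == "__main__":
    print(demo())
```

The `forged_early` case is the false negative in the trade-off: a forgery timestamped after the leak but before the chosen revocation date passes the date check and is only caught by the known-good lookup.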
> In case of a massive breach, it’s more likely that everyone will have to get a new passport and re-prove their identity for that using separate means.
If you have a big family with ownership of many assets (a car, a house or an apartment, bank accounts, a mortgage, various subsidies, and so on), the number of instances you need to go to in order to change your old passport data to the new one could quickly grow to one hundred, depending on the country. The biggest problem with reissuing a passport is that its number and issuance date change, forcing you to jump through many hoops to continue life as before.
That sounds weird. Which country abuses passports like that?
From my perspective, a passport is just an identity document. It's not a source of identity. When you get a new passport, your identity doesn't change, so you don't have to update your information anywhere. Immigration officials may be the main exception, if you live outside the country of your citizenship. Or maybe there is some hassle if you need to transfer a visa to the new passport.
Lots of countries use an ID's serial number as a sort of identity. Like, your bank would literally store "Mr. John Doe, G.I. ID 60-05 123-456-9012, D.o.B. 1985-07-29, etc." in your record, and the next time you visit a branch and show them your new ID, it better have a "previously issued IDs" section on it with that old ID number there, so they can confirm that it's still you and update their record.
The passport can retain the same ID. It’s only its certification that changes. This is analogous to how a web server doesn’t need to change its domain name when the TLS certificate has to be replaced.
And presumably, you would still have to renew your passport every ten years or so anyway.