My concern is basically that this forces people to use very expensive cert providers, since it is infeasible to setup and connect and secure an HSM that can do this yourself. And Microsoft and Amazon have tricked the browser forums that their online ones are good enough.

It essentially puts yet another monopoly into the “open” Web. The CA browser forum is a joke at this point and I don’t respect any of the decision in the last 10 years. They all serve to further centralize and close off the web.

People keep bringing up LetsEncrypt, but it very much cannot issue EV carts. It costs THOUSANDS of dollars to use a service that can auto renew “trusted certs”.

I think this article makes a pretty big leap in the middle. There’s really no reason that the operating system needs to be involved in the “Private” solution. It could just as easily be a website or a browser plugin. All you need is your government of choice to have some way to provide a token with whatever important bits necessary in it (“Yes this person is over 18 and a resident of WA”). You could even have third party sites/libraries that could read that token and verify what it contains.

The last third of the article is all based on that giant leap.

I would say absolutely. The 2004 series one of my favorite series, even if I find the end tapers of in quality in my opinion. Otherwise it’s great. Give it a watch.