“That would be pointless and backward. Think about how key pairs are used by ssh.”
I didn’t explain this very well. To clarify, both the .gov and individuals would have private keys.
The difference is that the .gov would use their private key to sign ALL the IDs in the system. The individual’s private key would only validate themselves.
So again, if the .gov private key is compromised, all other issued keys would need to be revoked and replaced.
How will you generate your private key?
How would you revoke it if you lost it?(I'd recommend creating both the revocation cert and the private key at the same time and submitting both, but then you'd have a really interesting way for the governement to quickly DOS the person, by sending out their revocation cert when they wanted to cause them really serious issues.)
How do you re-authenticate in case you lose it?
How do you prove that someone has stolen yours? (this is a serious issue)
Seems to defeat the purpose of having key pairs for validation.
When I think of a design for the problem, I keep thinking that key pairs are only useful as a replacement for passwords. Seems each person in the system would still need an id number or the like associated with the public key. Presuming a relational db, they could have the public key be an index to the id of the user in a separate table or db, that can be updated when someone has to change their key pair....and then the id would reference everything else about the person. So somebody signs in say to access their SS benefits, and the server checks what public key their private key solves, and then sees what user is associated with that public key.
They could try to use the public key as the id itself, but that is problematic and could cause transaction/syncing issues with all the other tables and various databases when one tries to change their key pair.