I’d be very supportive of a public, public key infrastructure and Identity Provider.

They should eventually be necessary for some things…like any official government or online banking business. Essentially anywhere you would expect something to be notarized or witnessed.

But they should be optionally allowed on other services. I wouldn’t accept requiring an official government ID to shitpost on Reddit, but if I were a celebrity and I could use it to officially verify myself on Mastodon, or even Facebook? Sure.

People misunderstand what client certificates are and what they do. They are a pair of keys, private and public. You use the private key to digitally sign (and/or encrypt) a message. The public key (client certificate) is issued by a third-party entity that all involved parties trust (the certificate authority), as proof that it has received a message signed by the same private key in the past.

By storing the private keys on something portable but non-exportable, like a smartcard, they are the “something you have” in multifactor authentication. And by virtue of needing to be protected by a password/pin/passphrase, proof of “something you know”.

It’s the digital equivalent of a state issued ID or driver’s license, and personally I think it’s absurd we don’t have it by now. You technically don’t “need” a state-issued ID to do anything, but they also certainly make modern life a hell of a lot easier.