You can maybe, trust the user to handle it's own certificate in their own devices?
Though I admit requiring attestation is probably a good default.
replyOne important feature of a legal ID is that it's hard to copy, so attestation from the hardware storage would have to be basically mandatory.
replyBut yeah, the user could have a choice to this extent.
[dead]
reply