SEDI and Client-Side Identity
Summary
Client-side certificates were technically sound in the 1990s, but they failed because individuals weren’t willing to pay for identity proofing. SEDI fixes that economic flaw by providing a state-endorsed, high-assurance digital identity to anyone who wants one, creating a durable foundation for secure online transactions and future digital credentials.
In the mid-1990s, Netscape shipped something genuinely ahead of its time: client-side SSL certificates baked right into the browser. The idea was elegant, providing strong cryptography, mutual authentication, and a real digital identity on the web. Technically, it worked.
Socially and economically? Not so much.
Certificates cost money[1]. To use a client certificate, someone had to pay for identity proofing and issuance. Individuals weren’t eager to buy certificates just to browse or transact online, and organizations didn’t want the friction of requiring them. Servers got certificates because businesses could justify the cost. People didn’t. The web quietly standardized on “servers use certificates, people use passwords.”
That question—who pays for identity proofing?—never really went away. We just papered over it with usernames, passwords, and later federated login buttons. Convenient, yes. Secure and human-empowering? Not really.
That’s why I’m excited about Utah’s State-Endorsed Digital Identity (SEDI). It flips the economic model. Instead of asking individuals to buy identity proofing from private providers, the state does what it already knows how to do: prove who someone is. The state already has a massive identity-proofing system in place in the form of offices to issue driver’s licenses. They already have the process. And they can indemnify themselves against the risk. This is revolutionary, solving the biggest problems in identity proofing.
Anyone in Utah who wants one can get a state-proofed digital identity and use it online as a foundation for secure transactions. SEDI provides the root of trust for everything that follows. High-assurance online interactions, portable user-held credentials, and the ability to issue additional digital certificates all naturally build on that foundation, rather than requiring each service to reinvent identity proofing. Just as importantly, SEDI makes it possible to move away from shared secrets and centralized identity silos, replacing them with a durable, user-controlled identity anchored in state-verified assurance.
In a sense, SEDI is picking up a thread Netscape dropped nearly 30 years ago. The tech is different, but the idea of high-assurance identity for individuals isn’t. By solving the problem of who pays, we might finally get the identity-secure web we’ve been hoping for since 1995.
Notes
[1] Yes, I know about free certificates. They don’t do much besides ensure the public key is bound to the domain name. That’s not identity proofing. Certificates that provide assurance of identity attributes require (1) work to ensure the identity attributes are accurate and (2) accepting the risk that the issuer might be sued if they’re wrong. SEDI solves both of these problems.
Photo Credit: State Endorsed Digital Identity in Use from DALL-E (public domain)



I believe the state of Florida is doing something close. Both my wife and I had to bring our passports, SS # physical cards, birth certificates, proof of residency, and an out-of-state driver's license before we could get a FL State-issued one without having to go through the whole process of applying. It even includes political affiliation.