It's been a year since the first implementations around eID started showing up. Yeah indeed, just before FOSDEM or maybe that's just coincidence, but my thoughts are still the same.

I think, and I'm not alone in this case, there is a security flaw. And not just one that's quickly solvable, but a flaw in design. The thing is, you get your card with a private key and you just don't know who else has your key. Ain't it the goal of keys, that you create a private key and you distribute your public key?

And now some other really nice thing about it. It's not writable. Of course not you say, but listen up.

Say, you move to an other place. Wouldn't it be nice, to just be able to change that? I can understand you need to go to the city hall of your new place, and prove you come to live there, but that it is at least a quick write over. But no, it's not. You need to go back home, cause they have to order a new eID for you. After 2 weeks, you get your new card, with your new address, but also with a new private/public key pair. Now you can warn all your friends, who have signed your key, you have a new one, again.

So, instead of using an eID, use a smart-card with your own keys, this way you at least can control them.