Hacker News

> I have never owned any mobile phone

Eschewing a mobile phone has been pretty counterculture these recent years, but I think we are close to a point where it will no longer be sustainable, at least for anyone wanting to cross borders – or depending on the country, even enter a restaurant or concert. Several governments have announced that their vaccine passports will exist as mobile phone apps, because paper certificates are too easily forged.



I don't get why paper docs are still forgeable in this day and age.

Just put a QR code on it containing the same info plus a digital signature, and have verifiers scan it with an app. That sounds a lot more secure than the end user having an app that the verifier just looks at with their eyes.


The apps being discussed will generate QR codes that the verifier will scan. But these codes are meant to be limited-time codes, so that if a new COVID strain appears and the old vaccines don’t protect against it (or it turns out that annual boosters are necessary), the person will no longer be able to report as vaccinated but will go back to the unvaccinated category.


Do limited-time codes really get you anything that putting a date or which vaccine you got wouldn't? Besides, seems a bit overengineered for something that might happen in theory but hasn't yet.


Officers at passport control aren't trained health officials. It can be hard for them to make sense of certificates and understand what vaccinations are valid and which aren't, or which no longer are. That is why governments want to present an app where trained officials at the health ministry have already decided if the person is safe for travel or not, and just show border control officers a green check mark or no.


Which is irrelevant again, because those officers will read the QR code with a computer. The computer can summarize to them how valid the vaccine still is.

There is no reason at all why a paper printed QR code can't tell exactly what vaccine you have taken, when you took it, who exactly you are, and what authority is authenticating the data. From there, any extra data is only needed at the time of reading.
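
Added example, not part of any comment in this thread: a Go sketch of the scheme described in the comment above, where the printed QR carries a signed record and the verifier applies its current policy at scan time. The field names, the label "VaxA", the issuer name and the policy values are constructed assumptions, and Ed25519 is chosen here for illustration since the thread names no algorithm.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Record is the data printed in the QR code (hypothetical fields, Date is YYYY-MM-DD).
type Record struct{ Name, Vaccine, Date, Issuer string }

// Policy lives in the verifier and can change without reissuing any paper.
type Policy struct{ Accepted map[string]bool; MaxAge time.Duration }

// Issue serializes the record and signs it with the authority's private key.
func Issue(priv ed25519.PrivateKey, r Record) (payload, sig []byte) {
	payload, _ = json.Marshal(r) // a struct of strings always marshals
	return payload, ed25519.Sign(priv, payload)
}

// Check verifies the signature first, then applies the policy in force at scan time.
func Check(pub ed25519.PublicKey, payload, sig []byte, p Policy, now time.Time) string {
	if !ed25519.Verify(pub, payload, sig) {
		return "invalid signature"
	}
	var r Record
	err := json.Unmarshal(payload, &r)
	given, perr := time.Parse("2006-01-02", r.Date)
	if err != nil || perr != nil || given.After(now) {
		return "malformed record"
	}
	if !p.Accepted[r.Vaccine] {
		return "vaccine not accepted"
	}
	if now.Sub(given) > p.MaxAge {
		return "expired"
	}
	return "valid"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	payload, sig := Issue(priv, Record{"A. Sample", "VaxA", "2021-03-01", "Example Health Authority"})
	p := Policy{map[string]bool{"VaxA": true}, 270 * 24 * time.Hour}
	fmt.Println(Check(pub, payload, sig, p, time.Date(2021, 6, 1, 0, 0, 0, 0, time.UTC)))
}
```

The same printed code gives a different answer as soon as the verifier's policy changes, and an edited payload fails the signature check before any policy is consulted.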


At that point, countercultural starts looking like the only game in town, at least that is worth playing.


We work just fine without mobiles. The plus is that we aren't enslaved to a handheld device ruled by rich guys.


Wait till they see how easy it is to make a lookalike app :)


The apps are expected to generate limited-time QR codes with the respective country’s digital signature (just like the biometric data in your passport), so no, your suggestion won't work.


Yup, because lowest-bid contractors are well known for producing bulletproof code, never copying bad samples from StackOverflow, and never rolling their own crypto instead of using proper libraries.

Yup


States already turned to contractors to design the system of digital signatures on their biometric passports, but these passports remain secure, so your sarcasm is unfounded.



Unless they somehow figured out a flaw in the crypto that allowed for spoofing countries in which case holy shit why are you using it to fake vaccine certificates?



