Questions reg. the implementation of vaccination certificates #615
Comments
I propose to change the title to something like "Questions reg. the implementation of vaccination certificates". |
I'm more interested in the content of the replies than the title. |
The mentioned function in the PR is deprecated. Here you can find the official DGC definition of the EU for a vaccination certificate |
Hi Thomas, Thanks for that. Would like to bring these technical guidelines to your attention
I would like to highlight the fact that these are just guidelines and explore the possibility that they are actually stored at the verification point. In that case, can you say what data is made visible to the verifier? |
There is no need to store the data at the verification point; the signature check is possible on the fly without persisting data. |
That's unfortunate. Do you know of any way the public can be assured that nothing is stored? |
Let's take SCHUFA as an example. Businesses interact with this all the time without being made aware of its inner workings. The only thing that is displayed to them is essentially a thumbs up or thumbs down. Surely this is possible here too? |
It is not possible to make it a one-time event because you can manipulate any data on your phone. |
I know you're not a lawyer, but... This amendment requires member states who wish to use "digital green certificates" for uses beyond member state borders, to first enact local legislation to do so. https://www.europarl.europa.eu/sed/doc/news/flash/25465/P9_AMC(2021)0104(012-013)_EN.docx Does this not fall under the category of a "digital green certificate"? I'm less concerned about a central server than I am about a growing collection of personally identifiable location data. And yes, I know how phones work :) but I'm specifically talking about government access. |
I understand that the codes can't be created on the phone due to obvious security reasons, but what about creating multiple codes, one with only the full name and one with all data? |
I have no understanding about this amendment. All information like name and status needs to be signed as one by an authority to make a validation with the person's ID card possible. |
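An added illustration of the three replies above (not part of the thread, and not CWA or DGC code): it uses Node's built-in Ed25519 over plain JSON as a stand-in for the real certificate encoding, with constructed field names and sample data. It shows a verifier checking a signature in memory with only the issuer's public key, why hiding fields from a certificate that was "signed as one" invalidates it, and why a reduced view therefore has to be issued as a separate signed certificate.

```javascript
// Added illustration: plain JSON plus Ed25519, not the DGC wire format.
const crypto = require('crypto');

// Constructed key pair standing in for the issuing authority.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Serialize flat claims with sorted keys so both sides hash identical bytes.
function canonical(claims) {
  return Buffer.from(JSON.stringify(claims, Object.keys(claims).sort()));
}

// Issuer: one signature covers all claims together ("signed as one").
function issue(claims) {
  const sig = crypto.sign(null, canonical(claims), privateKey);
  return { claims, sig: sig.toString('base64') };
}

// Verifier: needs only the public key, works in memory, returns a result.
// Nothing is written to disk or sent over the network.
function verify(cert, issuerKey) {
  const sig = Buffer.from(cert.sig, 'base64');
  const valid = crypto.verify(null, canonical(cert.claims), issuerKey, sig);
  return { valid, fieldsSeen: Object.keys(cert.claims).sort() };
}

// Holder-side attempt to show fewer fields while reusing the old signature.
function redact(cert, keep) {
  const claims = {};
  for (const k of keep) claims[k] = cert.claims[k];
  return { claims, sig: cert.sig };
}

// Constructed sample data; field names are hypothetical.
const full = issue({ name: 'Erika Mustermann', dob: '1964-08-12',
  vaccine: 'EXAMPLE-VACCINE', dose: '2/2', status: 'complete' });
const minimal = issue({ name: 'Erika Mustermann', status: 'complete' });

function demo() {
  return {
    full: verify(full, publicKey),
    redacted: verify(redact(full, ['name', 'status']), publicKey),
    minimal: verify(minimal, publicKey),
  };
}

console.log(demo());
```

The redacted certificate carries the same visible fields as the minimal one but fails verification, because what a verifier gets to see is fixed by what the issuer signed.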
The amendment is about stopping it being used EU wide for purposes beyond border control. I wasn't aware location data was required to authenticate with the central server, that's even worse. So you're saying at every restaurant/bar/etc I need to trust that the verifier does not store the data it has full access to, and the central server receives my coordinates for some reason? |
It is not required but you can easily see the IP of the check request and you have no control over what information is saved on the central server. But there is no central server because of this kind of problem. Exactly, but this is not an issue of the verifier app because the restaurant can also save your data manually without the verifier app, and the official app is not storing data. |
Ah well an IP doesn't connect a person to a place in time. That's fine. It's a lot better than say, a list of nearby Bluetooth devices, or GPS coordinates. The verifier remains my area of concern precisely for the reason you say that. Quite simply, the weak point is the exposure of the data that is none of their business. |
I don't understand why more people are not contributing towards the discussion that this is either not good enough or that we can do better. |
Let's try this again... Do you know of any way the public can be assured that nothing is stored? |
@watmm as far as I understand, this verifier app is specified by BMG as part of the CovPass project, but neither specified nor implemented by cwa project. |
Thanks for that, however if the CWA is releasing all JSON fields then it is responsible. |
@watmm Are you aware of https://github.com/ehn-digital-green-development & https://github.com/eu-digital-green-certificates? I don't see why CWA has a special responsibility here, every app which implements the digital vaccination certificate would have this problem if I get you right. Edit: See also https://github.com/Digitaler-Impfnachweis for the GH repos of the German app. |
Thanks for the links Tim. It's late, so will take a proper look tomorrow. |
I assume if you want to be compatible with this project then you have to match their requirements. |
@Ein-Tim thanks for the links - but, actually, I am lost, and don't understand much ... |
You're not alone! It's really hard to keep an overview of all the different implementations & even harder to understand it... |
@Ein-Tim |
@MikeMcC399 actually no big surprise. |
Y'all can follow this in the two "Privacy concerns" links above. |
@watmm You might want to take a look at https://github.com/ehn-digital-green-development/hcert-spec/discussions/85 |
Here we go again, as to date nothing has been answered from any of these sources, including the 79 MEPs I contacted that voted for the very restrictions I'm asking about.
I don't know how to be clearer so maybe an anecdote would help. Can I write anything I want until public pressure (lol) requests an independent security audit? Edit: To clarify, by "frontend" I mean verifier. |
https://www.berlin.de/sen/gpg/service/presse/2021/pressemitteilung.1094512.php
So, the yellow vaccination booklet? That's fine then. Provided it works like that in practice. |
@watmm The yellow vaccination booklet has a few big drawbacks, but also a few big good points:
|
Thanks for confirming my suspicions. Time to laminate my booklet... 🙂 |
I put my booklet into a freezing bag, booklet open at the page with vaccination entries. By this, name and vaccination can be checked without taking paper into the hand, but if a thorough check for forgery is necessary, it can be taken out easily. |
@vaubaehn and, you don't prevent your booklet from being used for its original purpose - you can get more / other vaccinations added at any time; which is blocked if somebody laminates it |
Eh? Lamination is just a plastic covering. It doesn't infringe on the inside. You can also just put it in a plastic protective shield. Freely removable at any time. |
No matter about the definition of lamination: |
So much for that. |
@watmm Are you still interested in getting answers to your question? If not, I suggest closing this. If yes, I can only strongly suggest opening issues in the corresponding repos which deal with this on EU level. |
I realise this is still a work in progress, but I have questions.
@d4rken
In 6733-vaccination-polling you say "Depending on what vaccination data the user has added to the CWA"
Can you elaborate on this for people not involved with the development.
It sounds like you're saying that the data revealed by scanning the QR code upon vaccination validation can be limited by the user, is this correct, and if so, what are the minimal amounts of data contained within and revealed by such validation?
At the point of verification, what information is revealed, and is it just verified visually, or recorded? Thanks.
Ideally just a list of data stored locally, data stored remotely (central server), data stored remotely (verification site).
If these questions are unanswerable right now / moving targets, that would also be interesting to know.
Internal Tracking ID: EXPOSUREAPP-7352
Related to topic: Check signature of certificates
Internal Tracking ID: EXPOSUREAPP-8010