Since I'm on vacation and couldn't understand why they don't simply invalidate the keys, I took a closer look and noticed that the leaks seem to come from unrelated institutions: French, Polish, Dutch, and others keep being added.
So I asked myself: breaching several different systems, with different security, different suppliers and different software, is complicated. It is much easier to breach ONE, let's say the central European one.
But how easy is it? How is this thing built?
So, again, because I'm on vacation and shouldn't be doing systems architecture, I downloaded the architecture document from here:
So, the revocation part is described here:
Good. There's a big problem, and it's hiding in the language. Words like SHALL, COULD, SHOULD and the others have precise meanings.
As you can see in the first screenshot above, the entire revocation part IS NOT mandatory: it's all SHOULD, SHOULD NOT, RECOMMENDED.
In short, it is a good practice. And on that we agree.
But the point is this: implementing the feature that lets you deactivate certificates EU-wide WAS NOT MANDATORY.
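As an added illustration (not code from the original post, and not based on the EU architecture document's actual text), here is a small Python audit of the kind a reviewer can run over a specification: it scans requirement sentences for the RFC 2119 keywords discussed above and reports, per section, how many requirements are binding (MUST, SHALL, REQUIRED) versus merely recommended or optional (SHOULD, RECOMMENDED, MAY). A section whose every requirement is optional is flagged as unenforceable, which is exactly the situation described for revocation. The sample sentences are constructed for this example and do not quote any real document.

```python
import re
from collections import Counter

# RFC 2119 keyword classes. Multi-word forms come first so that
# "MUST NOT" is not counted as "MUST" and "NOT RECOMMENDED" as "RECOMMENDED".
MANDATORY = ["MUST NOT", "SHALL NOT", "MUST", "SHALL", "REQUIRED"]
OPTIONAL = ["SHOULD NOT", "NOT RECOMMENDED", "SHOULD", "RECOMMENDED", "MAY", "OPTIONAL"]

# Only upper-case keywords count, as RFC 2119 intends; lower-case "must" is
# ordinary prose and carries no normative weight.
_KEYWORD_RE = re.compile(
    r"\b(" + "|".join(re.escape(k) for k in MANDATORY + OPTIONAL) + r")\b"
)


def classify(sentence):
    """Return 'mandatory', 'optional' or None for one requirement sentence.
    The first keyword found decides the class."""
    m = _KEYWORD_RE.search(sentence)
    if not m:
        return None
    return "mandatory" if m.group(1) in MANDATORY else "optional"


def audit(section_name, sentences):
    """Count binding vs. non-binding requirements in one section and say
    whether the section is enforceable at all (has at least one MUST/SHALL)."""
    counts = Counter(classify(s) for s in sentences)
    counts.pop(None, None)  # sentences with no normative keyword
    mandatory = counts.get("mandatory", 0)
    optional = counts.get("optional", 0)
    return {
        "section": section_name,
        "mandatory": mandatory,
        "optional": optional,
        "enforceable": mandatory > 0,
    }


def unenforceable_sections(spec):
    """Names of sections in which nothing is actually required."""
    return [name for name, sents in spec.items() if not audit(name, sents)["enforceable"]]


# Constructed sample spec (hypothetical wording, not quoted from any real document).
SAMPLE_SPEC = {
    "Signing": [
        "Issuers SHALL sign every certificate with a registered signing key.",
        "Verifiers MUST validate the signature before trusting any field.",
        "Issuers MUST NOT reuse a signing key across issuing authorities.",
    ],
    "Revocation": [
        "Issuers SHOULD be able to revoke individual certificates.",
        "A revocation list SHOULD be distributed through the central gateway.",
        "Verifiers MAY refresh revocation lists periodically.",
        "It is RECOMMENDED that revoked certificates be rejected.",
    ],
}

if __name__ == "__main__":
    for name, sentences in SAMPLE_SPEC.items():
        print(audit(name, sentences))
    print("unenforceable:", unenforceable_sections(SAMPLE_SPEC))
```

Run against the sample, the "Signing" section reports three binding requirements, while "Revocation" reports zero binding and four optional ones and is listed as unenforceable; that is the gap a spec reviewer would want surfaced before sign-off rather than after a leak.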
Here it starts to get cold.
Perhaps you're missing the point: if you write a specification like that, the corresponding user stories end up in the backlog today, in the “neverHappen” epic, scheduled for the month of “notGonnaHappen”, on “forgetItDay”.
Let me be clear: I don't know whether this part is unimplemented; it depends on 27 countries. Maybe some “Vogon” Product Owners implemented everything to the letter. What I notice is that it was not mandatory, and that behaving consistently across the EU was not mandatory either.
This could explain why the solutions to the problem so far have all been local. This needs to be clarified.
And if that made you shiver, get this, which is truly hard to read:
Let's leave aside the business of passwords by phone and email… actually, no. You send the files by email, the hardest channel to secure, and then the password follows… by phone. What did they encrypt them with, ITU or something?
This stuff may have cost tens of millions, but was it that expensive to send an officer of the armed forces, or the police, to deliver the files in person? We're talking about 450 million people under a pandemic, FUCK!
But read the last point and look at the diagram:
Is there really any need to attack, say, the French system? Do you really have to risk prison 27 times over, working to breach multiple systems built differently, produced differently and defended differently, when you could breach just one?
Put yourself in the shoes of an attacker …
I'm shit knows about the EU, more than France.
… REBUS. [3,4]