ehn-dcc-development / eu-dcc-schema

Schema for the ehn DCC payload
Apache License 2.0

Privacy concerns #75

Closed: watmm closed 3 years ago

watmm commented 3 years ago

Hi all, not sure where to put this question. I just wanted to bring this thread to your attention. Maybe this would be a better place to address some of its questions therein.

https://github.com/corona-warn-app/cwa-documentation/issues/615

watmm commented 3 years ago

Ok, maybe I'll get a better response if I put the questions here.

First, the most important but out of scope question. If you have an opinion or know anything about the subject I would be interested to hear it, otherwise skip ahead to the tech Qs.

Why, given that the results of votes on digital green certificates, and the list of amendments shows us that AM12 was adopted, and given that the purpose of AM12 is to restrict the use of digital green certificates to their intended purpose for use only at member state borders without further individual member state legislation, do we see countries such as Germany pushing ahead with their use for access to private spaces such as bars and restaurants, even outside?

Now, the code...

In the technical specifications it states

> 6.3.1 Frontend
>
> The verifier app frontend provides functionality to scan and verify DGCs. It scans the base45-encoded QR code, extracts the COSE signature, and decodes CBOR back to JSON (see also 6.2.1). It then verifies the signature with the keys provided by the verifier app’s backend. The app uses only open-source libraries; all DGCs scanned or processed are ephemeral and will not be stored.

Can businesses create their own verifier app or is there just one? What are the requirements to be a verifier app? Can these requirements be imposed via the holder's app? And correct me if I'm wrong here, but to my knowledge at the point of verification there is not simply a 👍 / 👎 situation but rather all JSON fields are visible to the verifier app?

What I'm trying to get at here is, how can the holder really know that these JSON fields are ephemeral?
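Added example, not part of this thread or of the eu-dcc-schema project: the decoding chain from the quoted section 6.3.1, run up to the point just before signature verification, showing that the payload is signed rather than encrypted, so every field is readable by whatever software scans the code. Assumptions: the `HC1:` prefix and zlib step come from the DCC encoding specification rather than this page, the function names are hypothetical, and the sample is constructed with a simplified payload (a real DCC wraps the health data in CWT claims) and a deliberately invalid all-zero signature.

```python
import zlib

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"  # RFC 9285

def b45encode(data: bytes) -> str:
    """Encode bytes as Base45 (used here only to build the sample)."""
    out = []
    for i in range(0, len(data), 2):
        chunk = data[i:i + 2]
        n = int.from_bytes(chunk, "big")
        for _ in range(len(chunk) + 1):  # 2 bytes -> 3 chars, 1 byte -> 2 chars
            n, r = divmod(n, 45)
            out.append(ALPHABET[r])      # least significant digit first
    return "".join(out)

def b45decode(text: str) -> bytes:
    """Decode Base45, rejecting malformed input instead of guessing."""
    if len(text) % 3 == 1:
        raise ValueError("invalid Base45 length")
    out = bytearray()
    for i in range(0, len(text), 3):
        chunk = text[i:i + 3]
        if any(c not in ALPHABET for c in chunk):
            raise ValueError("character outside Base45 alphabet")
        n = sum(ALPHABET.index(c) * 45 ** k for k, c in enumerate(chunk))
        size = len(chunk) - 1
        if n >= 256 ** size:
            raise ValueError("Base45 group out of range")
        out += n.to_bytes(size, "big")
    return bytes(out)

def unsigned_view(qr_text: str) -> bytes:
    """Return the COSE bytes a scanner holds before any signature check."""
    if not qr_text.startswith("HC1:"):
        raise ValueError("missing HC1: prefix")
    return zlib.decompress(b45decode(qr_text[4:]))

# Constructed sample: COSE_Sign1 (CBOR tag 18, 4-element array) whose payload
# is a made-up CBOR map {"fn": "MUSTERMANN", "dob": "1964-08-12"} and whose
# signature is 64 zero bytes, so it would fail verification.
PAYLOAD = (bytes.fromhex("a262666e6a") + b"MUSTERMANN"
           + bytes.fromhex("63646f626a") + b"1964-08-12")
COSE = bytes.fromhex("d28443a10126a0581e") + PAYLOAD + bytes.fromhex("5840") + bytes(64)
SAMPLE_QR = "HC1:" + b45encode(zlib.compress(COSE))

if __name__ == "__main__":
    print(unsigned_view(SAMPLE_QR))  # name and birth date appear in the clear
```

No key is used anywhere in `unsigned_view`, so the signature only tells a verifier whether the data is authentic; it does nothing to limit what the scanning software can read or keep.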

gabywh commented 3 years ago

> What I'm trying to get at here is, how can the holder really know that these JSON fields are ephemeral?

This is really the core question here out of all the text: OT for DGC schema per se and I see you have cross-posted it to another potentially more suitable site anyway. I hope you find the answer you are looking for there.