eu-digital-green-certificates / dgc-testdata

Repository for storing generated QR code data for testing.
Apache License 2.0

PL: Wrong Extended key Usage Identifiers #289

Open taseo opened 3 years ago

taseo commented 3 years ago

PL

Issue Description

According to https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v1_en.pdf section A.4, when the issuer decides to include key usage identifiers, there should be 3 expected formats.

Currently PL certificates (for example 2.json) have them in the wrong format (1.3.6.1.4.1.1847.2021.1.2).

Proposed Solution

Use correct OIDs; please provide a reference that proves that the used OIDs are indeed valid, or update EXPECTEDRESULTS (for example, as in the IS 3.json test case).

gregsons commented 3 years ago

Hi @taseo, references:

  1. https://github.com/ehn-dcc-development/hcert-spec/blob/main/hcert_spec.md#a4-extended-key-usage-identifiers
  2. https://github.com/eu-digital-green-certificates/dgc-overview/blob/main/guides/certificate-governance.md#43document-signer-dsc

Hope it helps.

taseo commented 3 years ago

Thank you for the references!

For example, if we look at the second link, we can see it references the same EU document, but the OIDs there are different.

There is also a disclaimer in that document that other documents might specify other OIDs. But is there any supporting document that states that these GitHub sources have any legal weight and can be taken as the source of truth? Or is it supposed to be a copy of those initial documents to make the process developer friendly (if that is the case, there are already things that do not match, as with these OIDs)?

Also, as I see, certificates from other countries use the OIDs specified in that EU document and not the ones from GitHub.

SchulzeStTSI commented 3 years ago

@taseo There was an inconsistency in the hCert spec which generates a conflict with the certificate governance document. Because of this inconsistency, verifiers must now support both OIDs (with ".0" and without). This change will be announced this week in the official meetings. The version without the ".0" is the official one, and should be used.

taseo commented 3 years ago

Thank you very much for the details @SchulzeStTSI and @gregsons

taseo commented 3 years ago

6.json contains a vaccination certificate, but the OID specified is meant for recovery certificates; EXPECTEDKEYUSAGE is wrongly marked as true.
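
An added example (not code from this thread or from the dgc-testdata project) of the check discussed above: a verifier that accepts both OID forms, with and without ".0", and derives what EXPECTEDKEYUSAGE should be for a given payload type. Assumptions: the OID arcs and their mapping to test, vaccination and recovery, and the rule that a DSC without any of these OIDs is unconstrained, are taken from the two specifications linked in the thread; the function names are illustrative, and the EKU OIDs are assumed to be already extracted from the DSC as dotted strings.

```python
# Added example: extended key usage (EKU) check for a DGC document signer (DSC).
# Assumption: arcs and the t/v/r mapping come from the specs linked in the
# thread (hCert spec A.4, certificate governance 4.3), not from this page.
OFFICIAL_ARC = "1.3.6.1.4.1.1847.2021.1"   # form without ".0" (official)
LEGACY_ARC = "1.3.6.1.4.1.0.1847.2021.1"   # form with ".0" (still accepted)
LAST_ARC_TO_TYPE = {"1": "t", "2": "v", "3": "r"}  # test, vaccination, recovery


def dgc_type_for_oid(oid):
    """Return 't', 'v' or 'r' for a DGC EKU OID in either form, else None."""
    prefix, _, last = oid.strip().rpartition(".")
    if prefix in (OFFICIAL_ARC, LEGACY_ARC):
        return LAST_ARC_TO_TYPE.get(last)
    return None  # unrelated EKU (e.g. TLS server auth) does not constrain


def allowed_types(eku_oids):
    """Payload types the DSC may sign; all three when no DGC OID is present."""
    constrained = {t for t in map(dgc_type_for_oid, eku_oids) if t}
    return constrained or set(LAST_ARC_TO_TYPE.values())


def expected_key_usage(eku_oids, payload_type):
    """Value EXPECTEDKEYUSAGE should carry for this DSC / payload pairing."""
    if payload_type not in LAST_ARC_TO_TYPE.values():
        raise ValueError(f"unknown payload type: {payload_type!r}")
    return payload_type in allowed_types(eku_oids)


if __name__ == "__main__":
    # Constructed cases, not copied from the repository's JSON files.
    cases = [
        (["1.3.6.1.4.1.1847.2021.1.2"], "v"),    # official form, matching type
        (["1.3.6.1.4.1.0.1847.2021.1.2"], "v"),  # ".0" form, matching type
        (["1.3.6.1.4.1.1847.2021.1.3"], "v"),    # recovery OID, vaccination payload
        ([], "r"),                               # no EKU at all: unconstrained
    ]
    for oids, payload in cases:
        print(oids, payload, expected_key_usage(oids, payload))
```
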