Comments (5)
Thanks - given that the only jurisdiction I'm aware of in Canada with more than one active signing key is Saskatchewan, and that the secret_key varies by jurisdiction, I don't know that this is a huge concern.
One other comment WRT wording - I was initially confused by the term "base64url encoding" which I would ordinarily have interpreted to mean e.g.
base64:XR2ExUT53mCW65XHKv5FJg==
I would instead consider amending the spec to refer to this as "URL and filename safe base64 encoding".
from health-cards.
The idea is to act as a domain separator and generate a different revocation identifier rid
for SHCs issued under a different key. We're trying to minimize the information disclosed by CRLs, and not using such a separator could result in the same rid
being used in multiple CRLs (if a revoked user obtained SHCs from different keys, e.g., updated cards over time); information which could help identify listed users. These values are meant to be opaque and meaningless to verifiers, the spec recommendation minimizes information leakage.
I'm curious to learn more about the complications you are facing? You'd basically want to calculate and remember a rid
once per user, and copy it into a CRL if needed? Different issuers will have different capabilities and requirements, so the rid
calculation is essentially an implementation choice.
from health-cards.
In Canada many jurisdictions are using a federally-provided signing API, which provides endpoints returning an SVG or PDF with a common look and feel.
As such at the moment the system responsible for managing credential generation is not aware of the signing key used to sign a credential, and we would have to publish all rids associated with a user to every active signing key regardless.
I'm still trying to come to grips with the "shared rid" security implications - I would have expected virtually all revocations to be time-delimited, in which case timestamp would also be a giveaway (or at least I'm not aware of any situation where an individual can be "perma-banned").
from health-cards.
The rid
calculation spec is up to the issuer; you have to balance your deployment (which are very specific in your case) and privacy requirements. Not using a kid
in the calculation doesn't affect interop and the ability to validate issued SHCs, so you are free to proceed this way. Using a random secret key (seed) prevents preimage calculation, even without the kid
(which like a salt, increases the attacker's work to reverse the calculation).
from health-cards.
I would instead consider amending the spec to refer to this as "URL and filename safe base64 encoding".
We use the term base64url encoded many times throughout the spec, but we should explicitely link to the standard. I also noticed the <kid>
in the recommended rid
calculation doesn't show up in the HTML version of the spec. I'll create a PR to fix that.
from health-cards.
Related Issues (20)
- Clarification re multiple QR codes HOT 15
- Request change to use only NIST IAL Levels 1, 2, and 3. HOT 2
- Publish reference implementation of card parser HOT 2
- Java implementation of Jws HOT 1
- specify version 22 HOT 8
- Examples are not generating HOT 3
- Error related to generationg certificates HOT 4
- QR code FAQ link broken HOT 3
- Governance needs to be clarified HOT 2
- Release Tagging lax
- Create new github release matching spec's changelog version HOT 3
- Golang "swiss army knife" for smart health cards HOT 2
- Optional exp field to be honoured by verifiers HOT 2
- Can I get clarification on the section "Every Health Card can be embedded in a QR code" HOT 1
- Clarification of computation of `rid` HOT 3
- Clarification on how to encode a QR code HOT 1
- Clarification of examples/allowable data HOT 4
- Document sample certificate-generating script HOT 1
- Response code 404 (Not Found) HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from health-cards.