Hacker News new | past | comments | ask | show | jobs | submit login

We have a similar system in Austria and I got curious when ROCA was announced. Turns out the cards here generate ECDSA keys and are thus not affected. Naturally, there was no announcement of any kind, so this took quite a bit of sleuthing to figure out.

Maybe Spain happens to use ECC keys too.

For those wondering: "upgrading the Estonian ID cards" means switching to ECC (P-384).

New certificates are generated on the chip, and the public part is then transmitted to the government public keys directory.

How do they authenticate the new ECC policy key when the RSA key is already compromised?

You don't. Hence, the upgrade system has been disabled now, which is TFA.

Am Estonian. The remote upgrade system is still working, but only enabled for high-priority users right now because of the high load - medical professionals, social workers, people who used the card more than 100 times over the past 3 months. It will be re-enabled for all users at the start of next week, maybe earlier if the high-priority users have all been serviced.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact