Hacker News new | past | comments | ask | show | jobs | submit login

For those wondering: "upgrading the Estonian ID cards" means switching to ECC (P-384).

New certificates are generated on the chip, and the public part is then transmitted to the government public keys directory.




How do they authenticate the new ECC policy key when the RSA key is already compromised?


You don't. Hence, the upgrade system has been disabled now, which is TFA.


Am Estonian. The remote upgrade system is still working, but only enabled for high-priority users right now because of the high load - medical professionals, social workers, people who used the card more than 100 times over the past 3 months. It will be re-enabled for all users at the start of next week, maybe earlier if the high-priority users have all been serviced.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: