Hacker News new | past | comments | ask | show | jobs | submit login

Not really. If the offline license is in a digital format (QR code, etc) it can still be checked whether it’s been signed by a trusted authority (the state’s digital certificate, etc).

So you can very well have an offline system where the documents are signed during enrolment but then stored offline.




Only if the trusted authority sends back a copy of all the details too, and person at the counter looks at those instead.

Otherwise the altered app can show a different photo to that which was enrolled, etc. The signature is on bytes, not the offline visual representation.


Unfortunately that does not seem to be what they have done, i.e. no signatures involved.


In this case it’s a problem with the current implementation, but does not prevent a proper implementation from existing in the future.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: