Joined 14 days ago
Cake day: March 3rd, 2025

  • Because you can make it so that the required certificate/signature has to meet certain criteria to work. For instance, imagine there was a PayPal equivalent type app for paying QR codes, and they required all codes to be signed by one of their business customers (who they have on file). Or with a certificate they themselves issue their customers.



  • It wouldn’t need a separate app if, for instance, a standard QR payment format was created. If you just want a link to a website to pay, then naturally that would be less secure, but you could always put the URL below the QR code for redundancy (QR would only save time typing then).






  • I think part of the motivation here would be to allow the doctor present at a school to determine whether a child is participating in the correct sex-appropriate placement. Like using the correct locker rooms or bathrooms in case teachers or other students bring up an issue (for example if a boy were to go into a girl’s locker room and claim to really be a girl). Since appearance doesn’t line up with sex in many cases nowadays, the inspection would be to determine the real sex of the individual. Some school activities will involve nudity (changing before entering a swimming pool, communal showering after a sports match or gym class, etc.) so the authors of this were initially pushing for any teacher (such as the supervisor in a locker room or the teacher of the associated class) to be able to inspect/determine the sex of the individual.



  • This seems to be a gross misunderstanding of public key cryptography. Public keys allow you to verify an existing signature is valid and made by the correct entity, but they absolutely don’t allow you to forge a signature: that’s actually what they are designed to prevent.



  • Caedarai@reddthat.com to Comic Strips@lemmy.world: Quishing
    2 days ago

    Well, because it won’t be signed by a trusted CA for that task. Like if CAs had a category of certificate issuance that applied here (the standardisation issue) then it would be easy to spot a fake (which wouldn’t be correctly signed). Alternatively, you could take the European approach of having everything government related (like public street parking, though Europe mostly uses apps for that, not signed QR codes) rely on government entities and those in turn on a national set of government CAs.