Seems the Spanish government is finally admitting that new Spanish eIDs ("DNIe 3.0") are vulnerable to ROCA. Everyone gets to renew their certs. Supposedly they're "disabling" the old functionality (revoking the certs, I hope). https://www.dnielectronico.es/PortalDNIe/
Common Criteria is worthless. The buggy code passed those evaluations. This is why we need *public* review, not shitty certifications that don't certify anything.
This Infineon fail passed every official certification of the problem chips and libraries. It was only found by researchers working black-box from the keys only.
I strongly disagree. Common Criteria has its defects, but smart cards pass thorough tests and implement very sophisticated anti-tampering countermeasures. Certifications and evaluation labs helped build this. Public review is useful, but won't help in DFA attacks, for instance.