Question: greenPass app about hcert-kotlin HOT 5 CLOSED

Countries like DK combine them - in NL we have them separate (so only the verifier needs a simplified version of the trust list (just the KIDs, public keys and use really; the actual full X509 is not needed).

Some countries (e.g. DK) allow any citizen app to do this. In the Netherlands - we are technically preparing (insert parliament, law and other caveats) for domestic use of the DCC in parallel with a more privacy preserving domestic version for private (as opposed to travel) use. In the private case - we will very likely block domestic scanning of Dutch people their DCC - but force the use of the domestic, more privacy presering version. But allow DCC scanning for tourist. The reason for this 'block' is that the DCC give rise to 'too much' processing of data when viewed from a pure private/domestic case. In that case just a simple yes/no + date is quite enough. Which is pretty much what our domestic version contains. As opposed to the DDC version - which currently contains data about, for example the vaccination used, as to allow countries to be sovereign and apply their own entry rules at the border. So no - do not assume that those public keys are anything other than public. Also keep in mind that you do not need them to -read- and process a QR. Just to validate them. So from a security/privacy perspective they do not help with privacy. As a general principle - it is hard to keep public keys that need to be in hundreds of thousands of verifiers EU wide 'secret'. And they only need to leak once.