TID: Mystic BBS 1.12 A47
MSGID: 1:229/664 9dcb3b5d
REPLY: 2:460/256 000001ef
TZUTC: -0400
On 31 Oct 2021, August Abolins said the following...
 
 AA> Ah.. ok, then the QR code points to a hardcoded domain which uses the
 AA> "string" in the QR code.  But why couldn't other people still share
 AA> their QR codes?  How would the app know that the copied QR image isn't
 AA> someone else as long as gender and approximate age are the same visually?

All of the information is stored in the QR code and then signed by elliptic
curve keys using the P-256 curve.  So if any of the information was modified
the digital signature would no longer be valid.

All of the technical details can be found here:
https://spec.smarthealth.cards

This of course assumes the establishment chooses to scan your QR code, I've
only had two places so far do so, every other place has just looked at the
piece of paper and verified it against my ID.

I suppose you could try and share someone's credentials or forge your own, but
it doesn't seem like something I would want to do:

https://www.cbc.ca/news/canada/sudbury/forged-vaccination-passports-sudbury-1.6
203784


Jay

... Some of the crowd have decided to voice their opinion by staying away.

--- Mystic BBS v1.12 A47 2021/10/25 (Raspberry Pi/32)
 * Origin: Northern Realms (1:229/664)
SEEN-BY: 221/6 229/426 664 292/854 770/1
PATH: 229/664 426