Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: [ANN] UBIC:The cryptocurrency providing UBI for the masses using the E-Passport
by
ubicorn
on 27/07/2018, 19:38:23 UTC
Quote from: Ubiubi18 on July 27, 2018, 01:32:10 PM
I would like to understand what makes the difference for you regarding those 61 pkd - members: https://www.icao.int/Security/FAL/PKD/Pages/ICAO-PKDParticipants.aspx
Is there some security issue that makes some of those PKDParticipants  infeasible for ubic?

Here are the reasons why they are not all supported by UBIC:
 - The non-transferable proof of knowledge for RSA certificates requires a big enough RSA exponent, 65537 or more.
(example: Hong Kong uses 3 as RSA exponent)

- The document signing certificates have a too long signing period. This means that UBIC doesn't know when the passport was issued and therefor doesn't know when it will expire.
(example: Argentinia, Brazil: more than 2 years signing period)

- Some countries only publish their country signing certificates but UBIC needs the document signing certificates too.
(example: Spain, Belgium, Netherlands)

It will probably change in the next years. Using 3 as RSA exponent has been proven to be less secure than 65537 and the ICAO DOC9303 recommends document signing certificates with a signing period of less than 3 months. So the countries listed in the examples above are definitely not following the best practices.