Belgian eID Cards
Philip Paeps blogged about not trusting the certificates on the Belgian eID cards here: www.paeps.cx/weblog/activism/why_you_should_distrust_beid.html
Stating:
"You cannot be reasonably sure that no clandestine unencrypted copies of your private key exist under government control or under the control of a disgruntled government employee or contractor."
I'd go one step further: you can be about 99.999999% sure that such clandestine copies do exist, given the push that governments have always made to have access to crypto keys (lawful interception in online communication, etc.).
So, if they pushed on data retention laws and interceptable cell phones, what would be the odds of them giving up control of your keys?


Comments
2 comments posted

I'm not quite so sure myself. Given the Belgian government's extreme IT-incompetence, I'd be very surprised if one of their grunts had the bright idea of implementing such a feat.
Possibly, yet I'm not going to rely on their incompetence to identify the risk of someone stealing the signature or authentication key.
Thanks to Philip, I now know how to get mine revoked permanently!