This repository has been archived by the owner on May 16, 2023. It is now read-only.

PDF Export-All Allows Country Check Circumvention #913

Closed
thgoebel opened this issue Aug 1, 2022 · 3 comments
Labels
question Further information is requested

Comments


thgoebel commented Aug 1, 2022

Your Question

"Unlike the export of individual certificates, the export of all certificates is not limited to those issued in Germany, taking into account all EU digital COVID certificates."

  • Question:

What is the reasoning behind not filtering foreign certificates in the "export all" feature?

Right now (CWA version 2.24, 2.25), I can simply import a single foreign DCC, click export all, and I get a nice 1-page PDF of my foreign DCC with a German look around it. Why prevent this in the individual export, but not in the bulk export?

What is more: the individual export (on Android) is hidden in the certificate details, behind the overflow menu. From the certificate landing page, this requires 4 taps and 1 scroll.
The export-all on the other hand is on the certificate landing page and is clearly visible through its icon. 1 tap away.
Thus it is much more exposed to the user.

Why this difference? What are the two different threat models that you applied here?

@thgoebel thgoebel added the question Further information is requested label Aug 1, 2022
Contributor

Ein-Tim commented Aug 1, 2022


See also corona-warn-app/cwa-website#2958 (comment) & following comments.

Author

thgoebel commented Aug 1, 2022

I'm interested because as far as I understand the original intention was to limit abuse. I.e. make it harder to disguise a foreign cert as a German cert. For example, Switzerland introduced a similar limitation to only transform Swiss-issued DCCs to "light certificates" and PDFs after media reports of mal-issued German certs. Hence I was surprised to see that this is by-design according to the FAQ.

After all, DCCs are an official document. As a comparison: you don't want to make it trivial to create a German-signed Personalausweis with the 🇨🇭 on it, nor a Swiss-signed Personalausweis with the Bundesadler.

So did the German threat model change? Is abuse only an issue for individual exports? Or is abuse not an issue at all anymore (and the individual export is just lagging behind and will be allowed for certs of all nations in a future version)?

Member

mlenkeit commented Aug 9, 2022

@thgoebel the main reason for restricting the original export to DCCs issued by Germany was simply that there were legal concerns as to what template to use for DCCs issued by other countries, as there is no standardized template across countries.

In the meantime, these concerns have been dismissed. The batch export uses the DE template for DCCs issued by Germany and a similar generic template for DCCs issued by other countries.

There are ongoing discussions whether to enable the single export also for non-DE DCCs (see corona-warn-app/cwa-wishlist#836).

@thgoebel thgoebel closed this as completed Aug 9, 2022