by radicalbyte 1825 days ago
A nice tidbit: this RFC has its roots in the EU Covid Certificate project. The encoding was designed to cut the size of the QR payload (which for DCC is a CBOR - binary encoded - object) :)

The smaller the payload, the better and faster the scanning. Which is important for something that is designed to be used during border crossings and the like.

We have a number of implementations here:

https://github.com/ehn-dcc-development/

2 comments
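As an added illustration of the size argument in the post above (not code from the thread or from the ehn-dcc-development repositories), here is a base45 encoder and strict decoder following RFC 9285, together with a comparison of the QR data bits needed against base64 in byte mode. The function names are chosen for this example, and the bit counts exclude the QR mode and length headers.

```python
import base64

# RFC 9285 alphabet: exactly the 45 characters of QR alphanumeric mode.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}


def b45encode(data: bytes) -> str:
    """Two bytes -> three characters; a trailing single byte -> two."""
    out = []
    for i in range(0, len(data) - 1, 2):
        n = (data[i] << 8) | data[i + 1]
        out += [ALPHABET[n % 45], ALPHABET[n // 45 % 45], ALPHABET[n // 2025]]
    if len(data) % 2:
        out += [ALPHABET[data[-1] % 45], ALPHABET[data[-1] // 45]]
    return "".join(out)


def b45decode(text: str) -> bytes:
    """Strict decoder: rejects bad characters, bad lengths, overflowing groups."""
    if len(text) % 3 == 1:
        raise ValueError("invalid base45 length")
    try:
        vals = [INDEX[ch] for ch in text]
    except KeyError as exc:
        raise ValueError(f"character {exc} not in base45 alphabet") from None
    out = bytearray()
    for i in range(0, len(vals), 3):
        group = vals[i:i + 3]
        n = sum(v * 45 ** k for k, v in enumerate(group))
        if n > (0xFFFF if len(group) == 3 else 0xFF):
            raise ValueError("base45 group out of range")
        out += n.to_bytes(len(group) - 1, "big")
    return bytes(out)


def qr_alnum_bits(chars: int) -> int:
    """Data bits in QR alphanumeric mode: 11 bits per pair, 6 for a leftover."""
    return 11 * (chars // 2) + 6 * (chars % 2)


def qr_payload_bits(data: bytes) -> dict:
    """Compare data bits (mode/length headers excluded) for the two encodings."""
    return {
        "base45_alphanumeric": qr_alnum_bits(len(b45encode(data))),
        "base64_byte_mode": 8 * len(base64.b64encode(data)),  # lowercase forces byte mode
    }
```

For a constructed 300-byte payload (2400 raw bits) this gives 2475 data bits for base45 in alphanumeric mode against 3200 for base64 in byte mode.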

Interesting. The Swiss system, which is supposedly compatible with the EU, uses JSON + base64 [0].

Seems we also use RSA, and from a quick glance the EU seems to take any x509 certificate authority [1].

Does anyone know if there is a reason elliptic curves weren't mandated, which should cause smaller signatures than RSA and thus a smaller payload?

[0] https://github.com/admin-ch/CovidCertificate-Apidoc/#respons...

[1] https://github.com/ehn-dcc-development/dgc-java/blob/main/cr...

>> Does anyone know if there is a reason elliptic curves weren't mandated

Support still patchy?

I work in this area (certificates mostly) and find issues every so often with various platforms having gaps in their EC stuff. That said, most things can now deal with the base subset, and sticking to (say) P-256 would probably be pretty trouble-free. Getting Europe-wide agreement on this would likely be hard though, and European standards[0] often have stuff in that's not widely supported, like FRP256v1, which doesn't seem to be in openssl yet, or wasn't last time I looked, let alone more obscure or outdated implementations.

[0] - e.g. https://www.etsi.org/deliver/etsi_ts/119300_119399/119312/01...

base64 is just used to encode the PDF and PNG to send them over JSON (JSON does not support binary content). The data in the QR code is encoded in base45 as in the EU.
Honestly feels like premature/unnecessary optimization.