[jsnell]

There is no need for a centralized database or always on internet access. How did my description suggest that either would be needed? As the verifiee, you need to print a piece of paper and have an ID. As the verifier, you need an offline app. No central authority is notified of the scan. None of this is rocket science, it is basic public key cryptography.

It does not take 5 minutes either. In practice it takes about 5 seconds to scan and validate the cert.

You have built an elaborate fantasy of how bad the system would be, rather than look at how the systems deployed for half a billion people actually work. Literally none of your stated fears actually bears out in practice. Suggesting you'd rather just get Covid is just depraved.

[stickfigure]

OK, I'll concede that PK cryptography can be used to eliminate the online requirement given that you don't need a revocation mechanism. You're still going to need active measures to ensure restaurant compliance. And signing these without a centralized database at the signing authority? Theoretically possible, practically impossible.

Tell me, where is it that these systems are working for half a billion people?

I'm guessing this is somewhere with a vastly different cultural landscape than the US. Depraved or not, I still value what little anonymity I have left.

[jsnell]

This is how the EU (and some associated countries) have it set up. One obviously would like to centralize the signing just so for some basic auditing and to limit the number of public keys that get installed. But that just means a central signing service, it does not need to have persistent storage in said central location. In practice having the generated certs in a central DB is very useful for the users though, since it makes it trivial to install the certs on a new phone etc.