Tool to backup, modify and clone ePassport released

[David Biggins]

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-
> admin@chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 03 October 2008 11:15
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: Tool to backup, modify and clone ePassport released
> =20
> If the data on the passport were all public, and the security of the
> device rested in its physical and cryptographic resistance to forgery
> and alteration, what would the problem be with it being globally
> readable?
>=20
> The question isn't rhetorical: I may be missing a problem.


Twofold - one is that the passport is used for ID in several situations
where a cryptographic solution is not available.

Making it easy to replicate the "visually verifiable" aspects of a
passport without the holder knowing, by allowing silent access to the
electronic copy, is therefore a problem.

The other is that dependence on - and assumptions of infallibility of -
the crypto becomes absolute - which given the all-too-demonstrable
weaknesses of human institutions, creates entire classes of
vulnerability all their own.

Dave.