• Caedarai@reddthat.com
      4 months ago

      Well, because it won’t be signed by a trusted CA for that task. Like if CAs had a category of certificate issuance that applied here (the standardisation issue) then it would be easy to spot a fake (which wouldn’t be correctly signed). Alternatively, you could take the European approach of having everything government related (like public street parking, though Europe mostly uses apps for that, not signed QR codes) rely on government entities and those in turn on a national set of government CAs.

      • Aux@feddit.uk
        4 months ago

        That doesn’t make any sense. How would you know if something should or should not be signed? You wouldn’t.

        • Caedarai@reddthat.com
          4 months ago

          If it becomes standard for public parking to be signed, everyone would know. If payment QR codes in general start being signed, your payment app might even know. Lastly there could even be signage by the code to help novices.

          • Aux@feddit.uk
            4 months ago

            The point of a code is to not have an app in the first place. Thus there’s no way to validate it.

            • Caedarai@reddthat.com
              4 months ago

              It wouldn’t need a separate app if, for instance, a standard QR payment format was created. If you just want a link to a website to pay, then naturally that would be less secure, but you could always put the URL below the QR code for redundancy (QR would only save time typing then).

        • Caedarai@reddthat.com
          4 months ago

          QR codes are mostly meant to let you get an amount of info (they’re mostly text-based) without having to type or enter it manually when you might make mistakes or when the process is just faster for the amount of text involved.

          • themoonisacheese@sh.itjust.works
            4 months ago

            Yeah, I know. Why would anyone ever use them if creating one required a certificate? If the certificate was so cheap as to not be an obstacle then it wouldn’t be a deterrent to malicious replacement of codes either.

            • Caedarai@reddthat.com
              4 months ago

              Because you can make it so that the required certificate/signature has to meet certain criteria to work. For instance, imagine there was a PayPal equivalent type app for paying QR codes, and they required all codes to be signed by one of their business customers (who they have on file). Or with a certificate they themselves issue their customers.
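
An added sketch, not part of the thread and not any real payment provider's format, of the check described in the last comment: the app accepts a scanned code only if its signature verifies under the key of a merchant the provider has on file. The `merchant|payload|signature` layout, the function names and the sample merchant are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed code format: "<merchant>|<payload>|<base64url Ed25519 signature>".
// registry maps each merchant the provider has on file to its public key.
type registry map[string]ed25519.PublicKey

var errRejected = errors.New("code not signed by a merchant on file")

// newKey creates a merchant key pair at enrolment (nil selects crypto/rand).
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signCode builds the text that is encoded into the printed QR code.
func signCode(merchant, payload string, priv ed25519.PrivateKey) string {
	sig := ed25519.Sign(priv, []byte(merchant+"|"+payload))
	return merchant + "|" + payload + "|" + base64.RawURLEncoding.EncodeToString(sig)
}

// verifyCode runs in the payment app after a scan; it returns payee and payload.
func verifyCode(onFile registry, code string) (string, string, error) {
	first, last := strings.Index(code, "|"), strings.LastIndex(code, "|")
	if first < 1 || last <= first {
		return "", "", errRejected
	}
	key, known := onFile[code[:first]]
	sig, err := base64.RawURLEncoding.DecodeString(code[last+1:])
	if !known || err != nil || !ed25519.Verify(key, []byte(code[:last]), sig) {
		return "", "", errRejected
	}
	return code[:first], code[first+1 : last], nil
}

func main() {
	pub, priv := newKey()
	onFile := registry{"City Parking Dept": pub}
	fmt.Println(verifyCode(onFile, signCode("City Parking Dept", "zone=A;amount=2.50", priv)))
}
```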