Okay, and what happens when I overwrite that QR code with one that points to downloadvirus.com? How is a client supposed to know that the QR code isn’t supposed to be here?
Well, because it won’t be signed by a trusted CA for that task. Like if CAs had a category of certificate issuance that applied here (the standardisation issue) then it would be easy to spot a fake (which wouldn’t be correctly signed). Alternatively, you could take the European approach of having everything government related (like public street parking, though Europe mostly uses apps for that, not signed QR codes) rely on government entities and those in turn on a national set of government CAs.
If it becomes standard for public parking to be signed, everyone would know. If payment QR codes in general start being signed, your payment app might even know. Lastly there could even be signage by the code to help novices.
Okay, and what happens when I overwrite that QR code with one that points to downloadvirus.com? How is a client supposed to know that the QR code isn’t supposed to be here?
Well, because it won’t be signed by a trusted CA for that task. Like if CAs had a category of certificate issuance that applied here (the standardisation issue) then it would be easy to spot a fake (which wouldn’t be correctly signed). Alternatively, you could take the European approach of having everything government related (like public street parking, though Europe mostly uses apps for that, not signed QR codes) rely on government entities and those in turn on a national set of government CAs.
That doesn’t make any sense. How would you know if something should or should not be signed? You wouldn’t.
If it becomes standard for public parking to be signed, everyone would know. If payment QR codes in general start being signed, your payment app might even know. Lastly there could even be signage by the code to help novices.
The point of a code is to not have an app in the first place. Thus there’s no way to validate it.
Very cool. Why would anyone use QR codes then? When you can just write a URL and that’s free.