
Comment by yaris

18 hours ago

I would guess that skatteverket.se, polisen.se, kronofogden.se are among those affected by the leak.

Some other comments mention BankID private keys. That would be the biggest disaster as that’s what everyone uses to identify themselves “securely” on all government services.

  • The private keys in BankID are stored in users' phones, not centrally.

    • Well, don’t Relying Parties using the BankID API for signatures and authentication have private keys to start the flows for users scanning QR codes etc.?

      Could you, having the right private keys, impersonate some company soliciting a BankID signature?

      I’m not sure what you can do with that though. You cannot steal some other ongoing signature I guess.

That's an interesting guess that I assume is based on absolutely nothing?

  • Yes, nothing and the facts that these are government services, they use BankID and they updated their websites with "maintenance work" announcements for tomorrow, Saturday. For kronofogden.se there was no maintenance planned just half an hour ago. Knowing the Swedish tendency to plan things months ahead I would _guess_ that this maintenance work has been rushed due to some circumstances.

    • It's quite possible that the maintenance is related, but I can nearly 100% assure you this has absolutely nothing to do with BankID. I don't know who suggested that but they are either poorly informed or actively trying to sow FUD.