mirror of
https://github.com/corona-warn-app/cwa-documentation
synced 2024-11-22 09:14:26 +01:00
Fix English translation to name correct key pinning method
Fixes https://github.com/corona-warn-app/cwa-documentation/issues/581
This commit is contained in:
parent
beeea3798f
commit
e5c4640265
@ -68,6 +68,6 @@ As a rare edge case, diagnosis keys could be attributed to a single person in ca
|
||||
|
||||
The Corona-Warn-App takes state of the art measures to make individual messages and communication patterns unobservable to malicious entities.
|
||||
|
||||
Well-established encryption mechanisms such as HTTP over TLS (HTTPS) ensure that messages are not readable for outside viewers. Metadata is removed before processing payload in diagnosis key submissions and can therefore not be linked to them on a database level. To further reduce the possibility of man-in-the-middle attacks, certificate pinning shall ensure that trusted communication only happens between the Corona-Warn-App and the server.
|
||||
Well-established encryption mechanisms such as HTTP over TLS (HTTPS) ensure that messages are not readable for outside viewers. Metadata is removed before processing payload in diagnosis key submissions and can therefore not be linked to them on a database level. To further reduce the possibility of man-in-the-middle attacks, static public key pinning shall ensure that trusted communication only happens between the Corona-Warn-App and the server.
|
||||
|
||||
Besides shielding individual messages that are transmitted by the system, also communication patterns need to be disguised. Consider, for example, that polling for test results and submitting diagnosis keys would only happen in case of a real infection. In this case, observing network traffic would be sufficient to know that users took a SARS-CoV-2 test and had a positive result. This attack surface is mitigated by random fake messages that are indistinguishable from valid ones. This way, key submission and the retrieval of test results are indistinguishable from the system's background noise, creating plausible deniability for users even if network traffic is observed.
|
||||
|
Loading…
Reference in New Issue
Block a user