Ask HN: Status of Estonia's e-residency program

4 points by jnbiche ↗ HN
I know that Estonia's e-residency program was affected a security flaw in Gemalto's card in 2017. And apparently they closed access to the public key database at that time.

But what's the current status of the program? I see no available public key database online or any API. Without a public way to verify these signatures, the program is only useful to internal Estonian government programs.

Anyone know what the current status of the program is? Do any other countries plan to offer a similar program?

The problem of verifying online identities in social media is a big one, and the Estonian program was a step in the right direction. It would be a shame if that progress is stifled because of Gemalto's negligence and incompetency.

2 comments

[ 4.2 ms ] story [ 18.4 ms ] thread
E-residency program uses the same technology and infrastructure as "real" Estonian residents ID cards (on which all Estonian citizens and residents rely daily for banking/government services/voting, etc...).

So yes, it still works )

As so the Gemalto vulnerability, it was promptly resolved with remote id card software updates (which most people did), and after that non-updated certificates/cards were suspended and replaced.

More info: https://www.ria.ee/sites/default/files/content-editors/kuber...