2009-07-10

From the Department of Oops

I blogged about the German "health" card scheme last year. It seems that it is not only quite a boondoggle, but the people running the tests don't seem to have any idea of how to run real-life systems.

Heise reports that a server crashed in their fancy hardware security module. "Crashed" as in the disk is no longer usable. And, as it turns out, they don't have a backup. And this data just happened to be the root certificate authority (Root-CA) for their entire cryptographic basis, upon which the "security" of the system rests.

Which means they can't issue any more cards. So they either have to issue everyone new cards, or scrap the system. I'm betting they'll just bite down and issue new cards, at taxpayers' expense, of course.
