12/10/2008

EID: the new middleware is official

You can find it here

http://eid.belgium.be/nl/Hoe_installeer_je_de_eID/Quick_I...

The old middleware will be replaced. The old middleware had some serious problems with security and privacy. We also know that the old middleware was questioned by some in Microsoft.

We are curious to know how this new middleware will withstand attacks and bypassing. We hope they have done some security research themselves.

We will not necessarily divulge or publish information we receive, but it will reach the right hands as fast as possible. Security researchers who send us this information won't be prosecuted if they don't publish the information. The publication of the information will be negotiated with FEDICT. You have to state precisely under which name (or anonymously) you want to be known. This blogger is not an expert coder, so don't think I am the culprit.

The goal is to have a secure EID system with security testing that is inherent in the development process and with a formalized 'responsible disclosure' policy.

But we still have a long way to go. The readers for the EID cards, for example, aren't equally secure; this was discovered at the beginning of the year. A hardened, secure, encrypting EID reader should be the goal for 2009. We don't need 10, we only need 1 that is very secure and that can be upgraded by a simple process.
