Yeah, I know. Why would anyone ever use them if creating one required a certificate? If the certificate was so cheap as to not be an obstacle then it wouldn’t be a deterrent to malicious replacement of codes either.
Because you can make it so that the required certificate/signature has to meet certain criteria to work. For instance, imagine there was a PayPal equivalent type app for paying QR codes, and they required all codes to be signed by one of their business customers (who they have on file). Or with a certificate they themselves issue their customers.
Yeah, I know. Why would anyone ever use them if creating one required a certificate? If the certificate was so cheap as to not be an obstacle then it wouldn’t be a deterrent to malicious replacement of codes either.
Because you can make it so that the required certificate/signature has to meet certain criteria to work. For instance, imagine there was a PayPal equivalent type app for paying QR codes, and they required all codes to be signed by one of their business customers (who they have on file). Or with a certificate they themselves issue their customers.