I enjoyed all the anecdotes, but I felt the emphasis on location of verification a bit ‘misplaced’ (pun intended). The post reads: "You can either show me your vaccination status or send me your vaccination certificate... The key difference between the two methods is the location of verification." I suppose some folks would mistakenly accept a vaccination status without checking — and that’s a problem, but credentials wallets or Health Passports cannot by themselves perform verification.

A verifiable certificate is a machine readable document. Verification is the process of checking that a document is properly structured, is anchored to an immutable ledger, that it has not been revoked and that the issuer is the same as the owner of the verifiable domain name, along with other checks.

Verification can be performed with the certificate object or a reference to that object, eg- a URL or a QR code which contains the URL. Since certificate data is not intended to be human readable, passing the certificate by reference is the preferred approach. Showing a rendering of the certificate is not verification, it's presentation. Presentation is not necessary, but it is useful in building trust.

In my opinion, what makes the HealthCerts approach better than other methods is not "where verification takes place". It's better because it is lightweight and does not depend on any specific digital app, much less a digital identity app. With HealthCerts, a traveller's health status can be verified using only a QR code, which might be printed on a sheet of paper.