Re: [Cbor] [COSE] European Digital Health Certificates (used in European Digital Green Certificates = Vaccination certs)

Carsten Bormann <cabo@tzi.org> Sat, 12 June 2021 15:38 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B2C93A1761; Sat, 12 Jun 2021 08:38:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_FAIL=0.001, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3Y1OCrbsUDH; Sat, 12 Jun 2021 08:38:03 -0700 (PDT)
Received: from gabriel-2.zfn.uni-bremen.de (gabriel-2.zfn.uni-bremen.de [IPv6:2001:638:708:32::19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCE013A1760; Sat, 12 Jun 2021 08:38:01 -0700 (PDT)
Received: from [192.168.217.118] (p548dcc89.dip0.t-ipconnect.de [84.141.204.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4G2MKz3dsQz2xFp; Sat, 12 Jun 2021 17:37:59 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <32952.1623509612@dooku>
Date: Sat, 12 Jun 2021 17:37:59 +0200
Cc: cose@ietf.org, cbor@ietf.org
X-Mao-Original-Outgoing-Id: 645205079.035338-2026f05e496eb776aec306fae7207e42
Content-Transfer-Encoding: quoted-printable
Message-Id: <D87FEE4B-3396-41F2-A8F9-B744E59CEF86@tzi.org>
References: <D8489E8F-F55B-47E5-9D8F-867BB04998C2@tzi.org> <32952.1623509612@dooku>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/Wi3cGh41WY-jeIXOOzxtpZlXX6M>
Subject: Re: [Cbor] [COSE] European Digital Health Certificates (used in European Digital Green Certificates = Vaccination certs)
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 15:38:07 -0000

On 2021-06-12, at 16:53, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> My understanding is that QRcode can use the entire 8-bits.  Am I wrong?

As usual, this is less about what QRcode *can* do (there is a nice binary encoding in there), but about what you can get by all the broken stuff that is out there.

So the canonical way to handle this today is:

(1) Use the “alphanumeric” 45-character set defined by QR-Code specs as upper case letters + digits + space (!) + »$%*+-./:«

(2) Use all these characters — even though 2**16**(1/3) is 40.317473596635935 (45**3 = 91125, way more than 65536), so 41 out of these characters would really suffice - don’t avoid the risky characters.

(3) Suffer.

>> Maybe we can find someone to talk about practical aspects of DGC and
>> related efforts at one of the next CBOR interims...
> 
> Actually, I think it belongs as a IAB Tech plenary talk.

Not a bad idea, but probably requires significant preparation.

Grüße, Carsten