Re: [CFRG] Question over COVID-19 'passport' standardization?

denis bider <> Mon, 02 August 2021 10:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 546983A185A for <>; Mon, 2 Aug 2021 03:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0ToDX0W2WqdJ for <>; Mon, 2 Aug 2021 03:56:25 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 643D43A1856 for <>; Mon, 2 Aug 2021 03:56:25 -0700 (PDT)
Received: by with SMTP id z3so16002437ile.12 for <>; Mon, 02 Aug 2021 03:56:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=QtNDlgkv5XxUWjK/SWRcLLGduu5D09R49htqW8NjiQU=; b=GsjMRKQWWrInixLm1Un18bwiHj4DdoukRk8MhX95BjN8qR1kTVd6NgE6yZgYf+TNCM aLw74OTFCjHiL+gaVCl7BEJu4ivVkOX6mTIW95l9+T9Xo+6wHF14LRgJmrQc8SLk34TC giwCWP2pyj08dmYQFrTso09ytF4vaGFjjwIu3xxOAFjdo+HzTcjS4HBcLgix3vwgOpsd iHwIrEWknqZmjLP5XK87WYgYb3+eXzthmYNc9T042DrJ1QpHYxjtLJvwEPAiTHoyDDWL HC/B+YJQzQS1szlJfq4WSw6fsIJu4Ur6HGGcUFjnxhYncnwiZe1lif9BzmIZgkEo2E5V YRGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=QtNDlgkv5XxUWjK/SWRcLLGduu5D09R49htqW8NjiQU=; b=iKPx8VuAtSIqY9W3MzgUujpZxd7HCW4L0D0aJBOg/nMl2+pRlReQKUQkkchr2dU0AT DUtF3WJuGHWxIRxWLlSN5I7SK20y4R62UcLyHZ2c/WPYl0ZpeyBOM6ByPrBVuwFqQh8F HeHbGhlUstB17UiK/PAvJJUb+dKlF0H/DghVhF4HkdrmGgCTXARfm6A7rbL2cxgc4qBd N3z5RsRFP/jP+Yi5Vx3s8Zs+nop+PJC8R+NkG/A3oJhGvrV7K3bAgiNCSLYtiDs7Y5Co Wx6ckpYycj4vxU8xaOAn7b/WxG3EwNN9oQH1C+FkUPkSIFNtmrw1rAfAeJ11UXmN1HoC lrUw==
X-Gm-Message-State: AOAM530TI7/0Pt2D0SQlgHfLMFyoWUkQk5tbZTnEq4FKarbiKU0M3zlc G/cvhmCWbLguzPaYMfgzqLXuVyq8BvQjytn710g=
X-Google-Smtp-Source: ABdhPJy+nhKYJQfCwu/kMgsBm3UD/vHTEANb8QTF7gnR2uFZGeb3FpuecIE9ARokwY6gUVpvGbw+i0Yt9TpEyEIOtRw=
X-Received: by 2002:a92:1a12:: with SMTP id a18mr1776769ila.289.1627901783614; Mon, 02 Aug 2021 03:56:23 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: denis bider <>
Date: Mon, 02 Aug 2021 05:56:12 -0500
Message-ID: <>
To: Harry Halpin <>
Cc: Cfrg <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [CFRG] Question over COVID-19 'passport' standardization?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 02 Aug 2021 10:56:30 -0000

Covid-19 vaccine passports are the stupidest, most oppressive shit
that needs to be resisted at all levels.

Given information we have now, I cannot respect anyone who still
accepts any of the Covid-19 vaccines.

The vaccines do NOT stop transmission. They do NOT reduce deaths. They
just redistribute deaths from average age 80+ with comorbidities, to
younger people by giving myocardial infarctions to children and young

There is no medical justification to force these vaccines on anyone.
Individually, there is no benefit given the information we already
know, for nearly anyone, in nearly any risk group.

For a healthy individual to accept these vaccines is stupid. For
governments and businesses to force them on people is monstrous and a
crime against humanity.

Long-term, we do not know anyone who survived 2 years or more after
taking these vaccines. Please try to refute that statement.

Anyone who conducts work that enables the forcing of these vaccines,
and the arrival of mandatory vaccine passports, is a Dr. Mengele and
should expect a trial before a tribunal with penalties up to and
including death.

I am serious. Do not do these fucking things.

On Fri, Jul 30, 2021 at 12:48 PM Harry Halpin <> wrote:
> Everyone,
> While the research community and industry was very quick to work on privacy-enhanced contact tracing, I've seen very few people taking the much more pressing issue of COVID-19 passports.
> I've earlier seen some very badly done academic work using W3C "Verified Credentials" and W3C Decentralized Identifier (DID) standards [1]. However, while a bunch of sketchy blockchain technology has not been adopted (so far, although I believe IATA and WHO are still being heavily lobbied in this direction), there has been the release of the EU "Green" Digital Credentials that actually uses digital signatures.
> However, there's a number of problems:
> * No revocation in case of compromise
> * Privacy issues, i.e. leaking metadata
> * No key management (booster shots might require)
> * No use of standards for cross-app interoperability
> Furthermore, there appears to be differences between countries, and some countries do not use cryptography at all (the US). Therefore, as an American in France who flew home ASAP to get vaccinated in the US, as a consequence of this lack of interoperability I can't travel on trains or eat at restaurants easily, despite being vaccinated. I imagine this will become a larger problem.
> I have a report I'm willing to share, but I'd first like to know if there's any interest in standardization on this front at the IETF despite this topic being, I suspect, a bit of  astretch of our remit. However, we live in interesting times.
> I don't think the W3C (or the ITU, etc.) has the security expertise, and while the crypto and security/privacy here is pretty simple, I think it should happen somewhere. So I thought polling it by CFRG IRTF would be a good idea to see what would happen, as the CFRG has probably the largest security/privacy expertise in the wider IETF circles.
>           yours,
>              harry
> [1]
> _______________________________________________
> CFRG mailing list