Re: [saag] Interest COVID-19 'passport' standardization?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 31 July 2021 14:44 UTC

To: Harry Halpin <hhalpin@ibiblio.org>, saag@ietf.org
References: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <09d0a050-781b-a4cc-47bf-d1e652e4c982@cs.tcd.ie>
Date: Sat, 31 Jul 2021 15:44:07 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/0qq6hsvKzedw5m50i0iaJiR37Ds>

I don't believe the IETF ought be active in this space.

For their originally designed purpose (cross border travel),
these systems seem mostly ok as traditional passports will
also be shown at the same time. I don't see that the travel
authorities need help from the IETF for that.

We are seeing significant feature-creep e.g. these QR codes
are now being required for indoor dining here in Ireland at
the moment. The scanning technology offered to venues by the
Irish govt at the moment is an awful online web page [1] to
which all the QR code data is sent (so govt servers get to
see who enters where, when, even though they say they don't
store any of that). That system is likely (IMO) to be widely
ignored within weeks of its unwise introduction. We'd be far
better to stay uninvolved there too IMO.

Cheers,
S.

[1] https://app.digitalcovidcertchecker.gov.ie



On 30/07/2021 19:17, Harry Halpin wrote:
> Everyone [and apologies if you already got this message on CFRG or
> SECDISPATCH],
> 
> While the research community and industry was very quick to work on
> privacy-enhanced contact tracing, I've seen very few people taking the much
> more pressing issue of COVID-19 passports.
> 
> If this IETF111 was in person, we could have done an informal BoF, but as
> it's not, I'm sending out an email to gauge interest.
> 
> I've earlier seen some very badly done academic work using W3C "Verified
> Credentials" and W3C Decentralized Identifier (DID) standards [1]. However,
> while a bunch of sketchy blockchain technology has not been adopted (so
> far, although I believe IATA and WHO are still being heavily lobbied in
> this direction), there has been the release of the EU "Green" Digital
> Credentials that actually uses digital signatures.
> 
> However, there's a number of problems:
> 
> * No revocation in case of compromise
> * Privacy issues, i.e. leaking metadata
> * Limited key management (booster shots might require)
> * No use of standards for cross-app interoperability
> 
> Furthermore, there appear to be differences between countries, and some
> countries do not use cryptography at all (the US). Therefore, as an
> American in France who flew home ASAP to get vaccinated in the US, as a
> consequence of this lack of interoperability I can't travel on trains or
> eat at restaurants easily, despite being vaccinated. I imagine this will
> become a larger problem.
> 
> I have a report I'm willing to share, but I'd first like to know if there's
> any interest in standardization on this front at the IETF despite this
> topic being, I suspect, a bit of a stretch of our remit. However, we live
> in interesting times.
> 
> I don't think the W3C (or the ITU, etc.) has the security expertise, and
> while the crypto and security/privacy here is pretty simple, I think it
> should happen somewhere.
> 
> While I originally polled it by CFRG IRTF to see if there was any interest
> whatsoever, Benjamin Kaduk pointed out SAAG and SECDISPATCH would be better
> places to start. I'd like to know what others think.
> 
>            yours,
>               harry
> 
> [1] https://arxiv.org/abs/2012.00136