[saag] Interest COVID-19 'passport' standardization?
Harry Halpin <hhalpin@ibiblio.org> Fri, 30 July 2021 18:17 UTC
Return-Path: <hhalpin@ibiblio.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 93D503A0935
for <saag@ietfa.amsl.com>; Fri, 30 Jul 2021 11:17:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=ibiblio-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id zg7T85abs3bx for <saag@ietfa.amsl.com>;
Fri, 30 Jul 2021 11:17:35 -0700 (PDT)
Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com
[IPv6:2a00:1450:4864:20::542])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id D37033A0933
for <saag@ietf.org>; Fri, 30 Jul 2021 11:17:34 -0700 (PDT)
Received: by mail-ed1-x542.google.com with SMTP id ec13so13886834edb.0
for <saag@ietf.org>; Fri, 30 Jul 2021 11:17:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=ibiblio-org.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=y5jZAN5VI8THrT2ybsvKDdwM+b6WId5Jul1t1ewkwPk=;
b=OqItnYc6bxFSyXAlQvzfnn1oBDKSwzcTdtI9DFQHAxR+iz9dJBdnycI1POSRNLNDVs
tBN82MLH41OvRDRO2y2C+T7D4vEh1DTN3dSpkfiqR4QpjE7v0vdiV2zPXN798d15YoDG
CpJtjQJWeoxM7xHJlJnwB9XdqsKFDR2Qau/VwkLhP6GdTWbrEBga3tDqo2VGUFw2a57j
H2/6kQp3KgEKSyIpOwdoaOWk10304vF+XTLqQcwViyqbmjjXieBEVba8KhUq14Qa/vEC
CkB2GzqBeUl5e83/T9WCGKI2lEi1VYfkyGHI+EYiLfLQeTe+GXV87l6tk/wIt4lp4EuD
SyTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=y5jZAN5VI8THrT2ybsvKDdwM+b6WId5Jul1t1ewkwPk=;
b=uSq6yxaQjgeJWKkYGYePndSfnpRfCFB0SkSw528pxMViNc703Nju80vHJ4NjTEYI5F
MeSU45zrCV1/dm+Rno6AQPe62ya5dQUxC945LNDC8XwOhwNcoap9XQvpH2wlpuGoyP78
Sd0NrrzQWInzrE8c91YuK+qjqzK2vyn1SG4YsxTS8J099mNqM+PNVYyDFyNdmbkFcnYk
ADBnJZWYeQI62RIxwhscy1iuSVo9oDGiTvoFU57g9nL+IMMxRoIvf+T52beluGcfIZH1
XdUCjL0lI11ujIDR0crxGLY9niKtLE3RruVt3q1WXaYxWrvisoHkDAWQzLYdOC7edp8a
pBoA==
X-Gm-Message-State: AOAM5316pEDlR8IZ72W9vafKOH8zbbT7JlOjI8ehFoKdDLG1MwmSE4Or
npl0H3m6o+Cmp+wagra+znF9cX5CdfB/ZD/bFT+xo04dzAOpfoti7wA=
X-Google-Smtp-Source: ABdhPJyXhldg9qzNfp+5QW4uqFN/u5rXwKiFR2vxlxb6VSH8ayr0CK+OpnoAyHAIaRk5C63Yczt1Vfs/OL1s3FqXF2w=
X-Received: by 2002:a05:6402:1d22:: with SMTP id
dh2mr4378577edb.180.1627669051801;
Fri, 30 Jul 2021 11:17:31 -0700 (PDT)
MIME-Version: 1.0
From: Harry Halpin <hhalpin@ibiblio.org>
Date: Fri, 30 Jul 2021 20:17:21 +0200
Message-ID: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a5197c05c85b3bad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/63sAKZTPV3_DXAKgOYa5YnmKJPI>
Subject: [saag] Interest COVID-19 'passport' standardization?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>,
<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
<mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 18:17:40 -0000
Everyone [and apologies if you already got this message on CFRG or
SECDISPATCH],
While the research community and industry was very quick to work on
privacy-enhanced contact tracing, I've seen very few people taking the much
more pressing issue of COVID-19 passports.
If this IETF111 was in person, we could have done an informal BoF, but as
its' not, I'm sending out an email to gauge interest.
I've earlier seen some very badly done academic work using W3C "Verified
Credentials" and W3C Decentralized Identifier (DID) standards [1]. However,
while a bunch of sketchy blockchain technology has not been adopted (so
far, although I believe IATA and WHO are still being heavily lobbied in
this direction), there has been the release of the EU "Green" Digital
Credentials that actually uses digital signatures.
However, there's a number of problems:
* No revocation in case of compromise
* Privacy issues, i.e. leaking metadata
* Limited key management (booster shots might require)
* No use of standards for cross-app interoperability
Furthermore, there appears to be differences between countries, and some
countries do not use cryptography at all (the US). Therefore, as an
American in France who flew home ASAP to get vaccinated in the US, as a
consequence of this lack of interoperability I can't travel on trains or
eat at restaurants easily, despite being vaccinated. I imagine this will
become a larger problem.
I have a report I'm willing to share, but I'd first like to know if there's
any interest in standardization on this front at the IETF despite this
topic being, I suspect, a bit of astretch of our remit. However, we live
in interesting times.
I don't think the W3C (or the ITU, etc.) has the security expertise, and
while the crypto and security/privacy here is pretty simple, I think it
should happen somewhere.
While I originally polled it by CFRG IRTF to see if there was any interest
whatsoever, Benjamin Kaduk pointed out SAAG and SECDISPATCH would be better
places to start. I'd like to know what others think.
yours,
harry
[1] https://arxiv.org/abs/2012.00136
- [saag] Interest COVID-19 'passport' standardizati… Harry Halpin
- Re: [saag] Interest COVID-19 'passport' standardi… Eric Rescorla
- Re: [saag] Interest COVID-19 'passport' standardi… Volker Birk
- Re: [saag] Interest COVID-19 'passport' standardi… Harry Halpin
- Re: [saag] Interest COVID-19 'passport' standardi… Carsten Bormann
- Re: [saag] Interest COVID-19 'passport' standardi… Henry Story
- Re: [saag] Interest COVID-19 'passport' standardi… Eric Rescorla
- Re: [saag] Interest COVID-19 'passport' standardi… Dirk-Willem van Gulik
- Re: [saag] Interest COVID-19 'passport' standardi… Dirk-Willem van Gulik
- Re: [saag] Interest COVID-19 'passport' standardi… Dirk-Willem van Gulik
- Re: [saag] Interest COVID-19 'passport' standardi… Volker Birk
- Re: [saag] [Secdispatch] Interest COVID-19 'passp… Harry Halpin
- Re: [saag] [Secdispatch] Interest COVID-19 'passp… Dirk-Willem van Gulik
- Re: [saag] [Secdispatch] Interest COVID-19 'passp… Volker Birk
- Re: [saag] [Secdispatch] Interest COVID-19 'passp… Kathleen Moriarty
- Re: [saag] [Secdispatch] Interest COVID-19 'passp… Volker Birk
- Re: [saag] Interest COVID-19 'passport' standardi… Stephen Farrell
- Re: [saag] Interest COVID-19 'passport' standardi… Carsten Bormann
- Re: [saag] Interest COVID-19 'passport' standardi… Stephen Farrell
- Re: [saag] Interest COVID-19 'passport' standardi… Metapolymath Majordomo
- Re: [saag] Interest COVID-19 'passport' standardi… Carsten Bormann
- Re: [saag] Interest COVID-19 'passport' standardi… Eliot Lear
- Re: [saag] [Secdispatch] Interest COVID-19 'passp… Michael Richardson
- Re: [saag] Interest COVID-19 'passport' standardi… Michael Richardson
- Re: [saag] Interest COVID-19 'passport' standardi… Stephen Farrell
- Re: [saag] Interest COVID-19 'passport' standardi… denis bider
- Re: [saag] Interest COVID-19 'passport' standardi… Henry Story
- Re: [saag] Interest COVID-19 'passport' standardi… Dirk-Willem van Gulik
- Re: [saag] Interest COVID-19 'passport' standardi… Henry Story
- Re: [saag] Interest COVID-19 'passport' standardi… Dirk-Willem van Gulik
- Re: [saag] Interest COVID-19 'passport' standardi… Carsten Bormann
- Re: [saag] Interest COVID-19 'passport' standardi… Henry Story
- Re: [saag] Interest COVID-19 'passport' standardi… Dirk-Willem van Gulik
- Re: [saag] Interest COVID-19 'passport' standardi… Thomas Hardjono
- Re: [saag] Interest COVID-19 'passport' standardi… Carsten Bormann
- Re: [saag] Interest COVID-19 'passport' standardi… Eric Rescorla
- Re: [saag] Interest COVID-19 'passport' standardi… Carsten Bormann
- Re: [saag] Interest COVID-19 'passport' standardi… Eric Rescorla
- Re: [saag] Interest COVID-19 'passport' standardi… Tim Bray
- Re: [saag] Interest COVID-19 'passport' standardi… Eric Rescorla
- Re: [saag] Interest COVID-19 'passport' standardi… Tim Bray
- Re: [saag] Interest COVID-19 'passport' standardi… Jon Callas
- Re: [saag] Interest COVID-19 'passport' standardi… Stephen Farrell
- Re: [saag] Interest COVID-19 'passport' standardi… Tim Bray