[saag] Interest COVID-19 'passport' standardization?

Harry Halpin <hhalpin@ibiblio.org> Fri, 30 July 2021 18:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/63sAKZTPV3_DXAKgOYa5YnmKJPI>

Everyone [and apologies if you already got this message on CFRG or
SECDISPATCH],

While the research community and industry were very quick to work on
privacy-enhanced contact tracing, I've seen very few people taking the much
more pressing issue of COVID-19 passports.

If this IETF111 was in person, we could have done an informal BoF, but as
it's not, I'm sending out an email to gauge interest.

I've earlier seen some very badly done academic work using W3C "Verified
Credentials" and W3C Decentralized Identifier (DID) standards [1]. However,
while a bunch of sketchy blockchain technology has not been adopted (so
far, although I believe IATA and WHO are still being heavily lobbied in
this direction), there has been the release of the EU "Green" Digital
Credentials that actually uses digital signatures.

However, there's a number of problems:

* No revocation in case of compromise
* Privacy issues, i.e. leaking metadata
* Limited key management (booster shots might require)
* No use of standards for cross-app interoperability

Furthermore, there appear to be differences between countries, and some
countries do not use cryptography at all (the US). Therefore, as an
American in France who flew home ASAP to get vaccinated in the US, as a
consequence of this lack of interoperability I can't travel on trains or
eat at restaurants easily, despite being vaccinated. I imagine this will
become a larger problem.

I have a report I'm willing to share, but I'd first like to know if there's
any interest in standardization on this front at the IETF despite this
topic being, I suspect, a bit of a stretch of our remit. However, we live
in interesting times.

I don't think the W3C (or the ITU, etc.) has the security expertise, and
while the crypto and security/privacy here is pretty simple, I think it
should happen somewhere.

While I originally polled it by CFRG IRTF to see if there was any interest
whatsoever, Benjamin Kaduk pointed out SAAG and SECDISPATCH would be better
places to start. I'd like to know what others think.

          yours,
             harry

[1] https://arxiv.org/abs/2012.00136