Re: [saag] Interest COVID-19 'passport' standardization?

Carsten Bormann <cabo@tzi.org> Sat, 31 July 2021 15:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BqMU1RCGMpKtr6Y8Dyi8-r9rOf8>

On 2021-07-31, at 16:44, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> I don't believe the IETF ought be active in this space.
> 
> For their originally designed purpose (cross border travel),
> these systems seem mostly ok as traditional passports will
> also be shown at the same time. I don't see that the travel
> authorities need help from the IETF for that.
> 
> We are seeing significant feature-creep e.g. these QR codes
> are now being required for indoor dining here in Ireland at
> the moment. The scanning technology offered to venues by the
> Irish govt at the moment is an awful online web page [1] to
> which all the QR code data is sent (so govt servers get to
> see who enters where, when, even though they say they don't
> store any of that). That system is likely (IMO) to be widely
> ignored within weeks of its unwise introduction. We'd be far
> better to stay uninvolved there too IMO.

I don’t understand why the fact that governments buy inane applications (*) should prevent us from thinking about this space.  Patrik’s base45 draft is a nice example where we knew from the outset that the spec was suboptimal (in deployability, fortunately not in security).

Just because, er, foobook.com is reached via TLS doesn’t mean we have to stop supporting TLS :-)

Grüße, Carsten

(*) here in Germany we have the “Luca” app with an abysmal privacy design, which is often called “Luca-schenko” (schenken = giving a gift to someone) because some federal states paid huge amounts of money for no good reason to the instigators, which include a hip-hop star; you couldn’t make this up.