Re: [saag] [Secdispatch] Interest COVID-19 'passport' standardization?
Harry Halpin <hhalpin@ibiblio.org> Fri, 30 July 2021 22:09 UTC
From: Harry Halpin <hhalpin@ibiblio.org>
Date: Sat, 31 Jul 2021 00:09:11 +0200
Message-ID: <CAE1ny+7AUUrV-yTFt_9Wp-M80yQZXWSgXGBf0TU2ddif92rgBw@mail.gmail.com>
To: Dirk-Willem van Gulik <dirkx@webweaving.org>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF SecDispatch <secdispatch@ietf.org>,
Henry Story <henry.story@gmail.com>, IETF SAAG <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/J3PS2Yra1etG2wo6TguToeTRWQ4>

Everyone,

Good to see this conversation, and the contributions from Dirk have been exceptionally relevant.

In particular, I would put out of scope requiring any verifier to be online and I would also put out of scope data formats with limited real-world uptake, like W3C RDF and Verified Credentials. I would focus on widely deployed standards, such as JOSE/COSE and TLS. In this regard, the EU DGC has done well. I'd like to see international comparison though, as I can imagine many other "proposals" or even working systems are not using modern cryptography.

I suspect there is definitely a need for a privacy analysis that is more thorough than DGC has done (surprised to see linkable signatures, centralized databases, and so on and so forth) when we know how to build better and more in the EU GDPR-compliant standards - although I suspect COVID-19 falls under a national security derogation and so GDPR does not apply.

Not sure how many people are actually interested in chartering something and the scope, but I'd be happy to host a meeting if someone is attending IETF 111.

Although it may be rather late for some, I will be hosting a "side meeting" virtually at the IETF 111 meeting today right after the CFRG IRTF meeting ends. See the wiki for the link:

https://trac.ietf.org/trac/ietf/meeting/wiki/111sidemeetings

yours,
harry

On Fri, Jul 30, 2021 at 11:39 PM Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:

> On 30 Jul 2021, at 23:23, Eric Rescorla <ekr@rtfm.com> wrote:
>
> On Fri, Jul 30, 2021 at 2:19 PM Henry Story <henry.story@gmail.com> wrote:
>
>> The knowledge about the virus and the responses to it are evolving
>> very quickly, and so the flexibility of W3C Verifiable Credentials
>> comes in very handy here, as it is built on semantic web standards
>> built on top of first order logic, hypergraphs, and designed for
>> decentralisation, and evolvability.
>>
>
> I don't really agree with this claim. Some of the proposals here use
> VC and some do not, but they all seem roughly equally capable and
> flexible to me.
>
>
> From an implementor/designing perspective (both the NL domestic version
> -and- the EU DCC version) — and although we tried very very hard - the
> absolute need for totally off-line use & preventing surveillance*, also, or
> especially by the issuing entities (or blind trust in) combined with the
> inflexible state of the available semi-usable VC implementations and the
> very strong desire to have nothing ‘central’ and no ‘central trust’ - had
> us gradually evolve to something not quite VC. Despite this being the
> stated goal.
>
> So I think we have some useful lessons learned w.r.t. the importance of
> off-line / totally local validation.
>
> Dw
>
> *: e.g. spiked certificates with something unlikely to be cached or
> requiring a very unique lookup/OCSP, etc.
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>