Re: [saag] [Secdispatch] Interest COVID-19 'passport' standardization?

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sat, 31 July 2021 10:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Nt0rfRtvJyZ_gTDmQI-okcYmpjM>

While a standard may very well emerge and the IETF is more than capable of ensuring the security and privacy are specified to high standards, this feels like overall it would be helping use cases similar to ones in RFC2804. I think we’d have a hard time ensuring the uses of a specified format and protocol to avoid falling into privacy violations. At some point, how it’s used would be out of our hands. 

I’m not sure the IETF would be able to constrain what is shared with whom as that will go beyond on-the-wire communications. While we could specify object level encryption, I’m not sure this type of protocol is a fit for the IETF given RFC2804 and other similar agreements.

Best regards,
Kathleen 

Sent from my mobile device

> On Jul 31, 2021, at 6:29 AM, Volker Birk <vb@pep-project.org> wrote:
> 
> On Sat, Jul 31, 2021 at 12:02:22PM +0200, Dirk-Willem van Gulik wrote:
>> Note that the DCC does not have a centralised database (and in fact, a
>> lot of countries do not have any central database either
> 
> No, they don't.
> 
> But there is zero chance that the enterprises, which do the checks,
> haven't.  Founders of id2020:
> 
> https://id2020.org/alliance
> 
> Microsoft, Accenture, GAVI Alliance (Bill & Melinda Gates Foundation),
> Rockefeller Foundation. See their invests.
> 
> Among General Partners:
> 
> Mastercard
> 
> Who could be the profiteers? Microsoft and Mastercard are already at the
> Point of Sale. And the “Covid Pass” is useless without identifying the
> person who's showing it.
> 
> This will be a gateway tracking of world's population, giving the
> gatekeeper role to the corporate world.
> 
> BTW: having a central database will be perfectly legal for the
> enterprises. “It is needed to do the identification of the person who is
> showing the Covid Pass” is excuse enough in most if not in all legal
> systems.
> 
> You're building dystopia.
> 
> Yours,
> VB.
> -- 
> Volker Birk, p≡p project
> mailto:vb@pep-project.org
> https://pep.software