IETF Logo Mail Archive

Re: [saag] Interest COVID-19 'passport' standardization?

Metapolymath Majordomo <majordomo@metapolymath.com> Sat, 31 July 2021 16:15 UTC

Return-Path: <kw@metapolymath.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C74AF3A0B7A for <saag@ietfa.amsl.com>; Sat, 31 Jul 2021 09:15:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_SBL=0.5, URIBL_SBL_A=0.1] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=metapolymath.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PppHd_BaZZc8 for <saag@ietfa.amsl.com>; Sat, 31 Jul 2021 09:15:09 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF0103A0B79 for <saag@ietf.org>; Sat, 31 Jul 2021 09:15:08 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id h11so17310506ljo.12 for <saag@ietf.org>; Sat, 31 Jul 2021 09:15:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metapolymath.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=hqpqj1unDVISn9H1U0SqZhu9rTb6zgkUmpRxKQ80UaA=; b=MhQACnSZVw6nZINDIynu1gfIgF7r5Im+BvEsTPvALPN3f38+J0RauMnhAsrOYRbPsU nI6Zk08SCtvb8mG/ya//WKu/C4VPa8sLm4I9pWDXKwqFJTmAm0V3ixmeqwkd3Wb0qDN/ +dsix80kELLbuQSoZsVpeaRlOHAWZI03QfKJcB3w4FpATlFrEHVwVTZ0zQQNGZj+c+4n 4+yXxVUA60AEW1mgByCzkLikM0AG9L1WYCxzznm/SGr8uy+an0q61zHTHIB/CfWkCY5I +KJnTDp+MAH//oD9XMUW+0VS678SkCmLQcWarruUOMKf0iXWgXSQpsIMivai0jbPfxhP 1n8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=hqpqj1unDVISn9H1U0SqZhu9rTb6zgkUmpRxKQ80UaA=; b=nSv7GhAjS5t4ePRhy05UosStGsAjZP47ImZIsXs3pK4ebuulCsofkDJrxGV1YS1OfX 1iVb9QB8j6MRzz5/XMoZcnsB2ZdkL/CE2x7eFbWKmJgx3r7aa/71yytUJuZ01unLqcFr di3adlpoFsK1HIxX98fjKH2KyZhHCIeF4cRw1wzFt0LvtcLj5TSAO+WflGzYuaNgsYaM XxvrKOgdUXSkJ6sLX8Cd8deEkVoLLUzdsIjs+42QS0YV7UEDmDHvPPaomNd9mH4QbjLx d40ORwOh6UjUg0ZSTVWUdyVr3I9fCjjrAswuLyPxC3p1vOnWVziuAuDq5wWikF9RT+YT MQtw==
X-Gm-Message-State: AOAM531gsJHZ9zcpVnlJLVMZTjyQBdD4/pFAXEnKYOMwurk5rTZdegAK TZ5RUux0njX55HQZc4JcMxMMmmVYl/ZN4INqP+sQ9fj7VpQ=
X-Google-Smtp-Source: ABdhPJyg5jr9rJiEd7p4nIhdf+4WRLQzVxPUSLwIKD/ZcwJuvBxGvc+4clCK2xcbj9iNIiY/4o42iG+P2YADAm1e8g0=
X-Received: by 2002:a2e:b4b8:: with SMTP id q24mr5577598ljm.253.1627748104292; Sat, 31 Jul 2021 09:15:04 -0700 (PDT)
MIME-Version: 1.0
References: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com> <09d0a050-781b-a4cc-47bf-d1e652e4c982@cs.tcd.ie> <266B969A-CBC1-473B-8F5F-D7A31B66DA2C@tzi.org> <33cbcf8d-ed18-860f-912b-93a5ad5ea177@cs.tcd.ie>
In-Reply-To: <33cbcf8d-ed18-860f-912b-93a5ad5ea177@cs.tcd.ie>
From: Metapolymath Majordomo <majordomo@metapolymath.com>
Date: Sat, 31 Jul 2021 11:14:51 -0500
Message-ID: <CABtv6o_y4g-yTwPP4+6oMXBhAmkvHD5jTpic_HF+yTwR2zKyLg@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008a65a305c86da388"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/W6kJYBFJaW1YXi5YwpZMnJfpm8I>
Subject: Re: [saag] Interest COVID-19 'passport' standardization?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2021 16:15:14 -0000

Hi All,

Standardization of specific disease Electronic Medical Record (EMR) secure
clearinghouses is Out of Scope for the IETF. Vendors must be at liberty to
develop their own method if required by their sponsor or government and if
a solution becomes adopted which uses open source, then widely accepted by
other vendors /and/ is utilizing a non-standard method which proves
successful, then and only then should that Method should be discussed as
allocating a standard for the method, never the specific disease. We would
need more than one use case (more than COVID-19 vaccination EMR) to have a
balanced discussion about what's working and what's not. We should not be
steering into conversations about what policy companies and governments
should be allowed to make as it is not an Engineering topic.

I am interested in EMR in general, but as I'm actively working in this
space, I suggest we focus on broader security applications. When I look at
my alerts from USCERT a larger issue affecting the entire Enterprise
infrastructure is phishing and zero day issues. I'd rather see more
examination on what existing standards are in need of review given the
current rate of penetration.


With Regard,

Kronah Wood, CPhT
Metapolymath, LLC
PO Box 19236
Lenexa, KS 66219-9236
+1.2139158297

Sent from Mobile






On Sat, Jul 31, 2021, 10:43 AM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
>
> On 31/07/2021 16:17, Carsten Bormann wrote:
> > I don’t understand why the fact that governments buy inane
> > applications (*) should prevent us from thinking about this space.
> Nor would I. Luckily that wasn't my argument.
>
> For international travel: we're not needed.
>
> WRT feature creep: we shouldn't help.
>
> For those reasons, IMO the IETF shouldn't touch this topic
> with a barge-pole.
>
> WRT incompetent implementation: it's slightly useful to name
> and shame.
>
> S.
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

v2.8.7 | Report a Bug | By Email