Re: [saag] Interest COVID-19 'passport' standardization?

[Henry Story <henry.story@gmail.com>]

> On 2. Aug 2021, at 12:51, denis bider <denisbider.ietf@gmail.com> wrote:
> 
> Covid-19 vaccine passports are the stupidest, most oppressive shit
> that needs to be resisted at all levels.
> 
> Given information we have now, I cannot respect anyone who still
> accepts any of the Covid-19 vaccines.
> 
> The vaccines do NOT stop transmission. They do NOT reduce deaths. They
> just redistribute deaths from average age 80+ with comorbidities, to
> younger people by giving myocardial infarctions to children and young
> adults.
> 
> There is no medical justification to force these vaccines on anyone.
> Individually, there is no benefit given the information we already
> know, for nearly anyone, in nearly any risk group.
> 
> For a healthy individual to accept these vaccines is stupid. For
> governments and businesses to force them on people is monstrous and a
> crime against humanity.
> 
> Long-term, we do not know anyone who survived 2 years or more after
> taking these vaccines. Please try to refute that statement.
> 
> Anyone who conducts work that enables the forcing of these vaccines,
> and the arrival of mandatory vaccine passports, is a Dr. Mengele and
> should expect a trial before a tribunal with penalties up to and
> including death.
> 
> I am serious. Do not do these fucking things.

Heh. Nice to have a strong position like that. :-)

Of course all tools are double edged, right since Prometheus stole the
fire from the Gods to give it to us mortals, for which it is well known
Zeus punished him to eternally be tied to a rock, and every day have
an eagle eat out his liver. 

  https://en.wikipedia.org/wiki/Prometheus

Cars kill people, medicaments too, and so does sugar and food when
eaten in unhealthy quantities, a problem in many countries ever
since industrialization made foods cheap and available. 

Societies counter such problems by creating cultural antibodies through
education: one has to learn to eat less in a society such as ours, one
has to learn to drive carefully to not kill people (and for that we have
developed tests such as drivers licenses), and it is not advisable to
get drugs prescribed by some dude on the corner of the street: we have 
certified doctors and apothecary’s for that.

I agree also that one should not force people to be vaccinated. Some people
react very badly to them: I heard a story this week in our town here.

But Verifiable Credentials could also be used to hold a ”proof of not
having the virus at time T” if needed, or even a proof of having had it, 
which should be as good as having had a vaccine. 

In the end we are all going to get it: vaccines rollouts are indeed aiming 
at doing just that. So that is why I would not be that worried about privacy 
with such Credentials. Furthermore, not everything in a credential needs to be private:
certainly not the id of the signing authority as they are making the claim,
and need to be known as capable of making them. 

Note that privacy *is* really important criterion for any tracing app, which 
have already been rolled out, btw independently of certificates.

So just as with the virus, it’s all very complicated. 
A year ago, I spent way too long studying this. Some of my thoughts
then were collected in ”Co-immunology and the web”

https://blog.usejournal.com/co-immunology-and-the-web-43379b46688e

Hope that helps,

Henry

> 
> On Fri, Jul 30, 2021 at 1:17 PM Harry Halpin <hhalpin@ibiblio.org> wrote:
>> 
>> Everyone [and apologies if you already got this message on CFRG or SECDISPATCH],
>> 
>> While the research community and industry was very quick to work on privacy-enhanced contact tracing, I've seen very few people taking the much more pressing issue of COVID-19 passports.
>> 
>> If this IETF111 was in person, we could have done an informal BoF, but as its' not, I'm sending out an email to gauge interest.
>> 
>> I've earlier seen some very badly done academic work using W3C "Verified Credentials" and W3C Decentralized Identifier (DID) standards [1]. However, while a bunch of sketchy blockchain technology has not been adopted (so far, although I believe IATA and WHO are still being heavily lobbied in this direction), there has been the release of the EU "Green" Digital Credentials that actually uses digital signatures.
>> 
>> However, there's a number of problems:
>> 
>> * No revocation in case of compromise
>> * Privacy issues, i.e. leaking metadata
>> * Limited key management (booster shots might require)
>> * No use of standards for cross-app interoperability
>> 
>> Furthermore, there appears to be differences between countries, and some countries do not use cryptography at all (the US). Therefore, as an American in France who flew home ASAP to get vaccinated in the US, as a consequence of this lack of interoperability I can't travel on trains or eat at restaurants easily, despite being vaccinated. I imagine this will become a larger problem.
>> 
>> I have a report I'm willing to share, but I'd first like to know if there's any interest in standardization on this front at the IETF despite this topic being, I suspect, a bit of  astretch of our remit. However, we live in interesting times.
>> 
>> I don't think the W3C (or the ITU, etc.) has the security expertise, and while the crypto and security/privacy here is pretty simple, I think it should happen somewhere.
>> 
>> While I originally polled it by CFRG IRTF to see if there was any interest whatsoever, Benjamin Kaduk pointed out SAAG and SECDISPATCH would be better places to start. I'd like to know what others think.
>> 
>>          yours,
>>             harry
>> 
>> [1] https://arxiv.org/abs/2012.00136
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag