IETF Logo Mail Archive

Re: [saag] Interest COVID-19 'passport' standardization?

Henry Story <henry.story@gmail.com> Mon, 02 August 2021 13:48 UTC

Return-Path: <henry.story@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A78C43A1EFA for <saag@ietfa.amsl.com>; Mon, 2 Aug 2021 06:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sVwNbOb8mgHJ for <saag@ietfa.amsl.com>; Mon, 2 Aug 2021 06:48:52 -0700 (PDT)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C8E83A1EF8 for <saag@ietf.org>; Mon, 2 Aug 2021 06:48:51 -0700 (PDT)
Received: by mail-wr1-x429.google.com with SMTP id z4so21597336wrv.11 for <saag@ietf.org>; Mon, 02 Aug 2021 06:48:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=utGyDwtWqYmGkFlD7XLWzFGwetK5kfDXdc8G1nub3jo=; b=k1SbLfyeHMM/bhCgm6zRL1mUFkEeqfhcKqRFrZ6+wI42+1cJYxljeJ7WeDNxlQvwxZ BY8sKIZzX7qra7gVplY1T3QTe44GR5S1g0sxSMiyq+Y/Px43nHO1GJ+CRMT/Gcsxeai4 MAV8A0lEtGC5H0CQ7JOZTGBzzPCMAGzauPZolQ3nkqFUAzjkMHMku+wJb+jHRhEM0Agq ftsiHt/F6NPJnzORN0826+QSLqFJ4/zrE575goLsLboayaAh4opjFzfxLPGF3X0EnZGz eQ54AZ4CobgTkh6FX/L+H0GuhcPGopvJu5/tN+KICGLLbprrWnA84q9/6hkwnxG50etT Tkwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=utGyDwtWqYmGkFlD7XLWzFGwetK5kfDXdc8G1nub3jo=; b=nFEvfRyD+0OX08U00q9uonANV+UvoG0mH4q8gY+i/jfpLuPa97LOdI8QeBB4++ud3A 5IsLmnWgeOEbE2zDGrQEAcsQdoKipeIrzEi9zQVyykw/p6lIkhYAex6QZXfE1qActuf8 DIcwijTuAQr65PdI8Tli703KyC1BBw+CnE1cAb2cGBvS4VuGfkHGMPtoZ8LnCx/MA2rf s/FEAGUiNO8LlAxli6klOlHqo22Pi+T0qVehlyBXz7NCQpepvqecWbm1V7+IUTG7ql8b iU9IfL/n40E2UCsSYZsJV02JzCeQ+Ev/JpAFCJrt4v4kqRxJCmvye2tG8KFALTkhMPBE VS9Q==
X-Gm-Message-State: AOAM530zllxcCtC0y1DPP8Dey2oOQ/SDbhwx+GBR2v8UobYoueAizWg6 G4zqPGdth9gyurc1X7N8Q0Q=
X-Google-Smtp-Source: ABdhPJzTBALi71SxqX7CFtZY3ddGndKJjimOzzVEzaH7NG3i8mZfpqq3DNBh+5qOp8fhyo8IXJDPPQ==
X-Received: by 2002:adf:f287:: with SMTP id k7mr17217275wro.206.1627912125137; Mon, 02 Aug 2021 06:48:45 -0700 (PDT)
Received: from smtpclient.apple (p200300cf1704c50015322da6acbe54f8.dip0.t-ipconnect.de. [2003:cf:1704:c500:1532:2da6:acbe:54f8]) by smtp.gmail.com with ESMTPSA id k186sm12432328wme.45.2021.08.02.06.48.44 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 02 Aug 2021 06:48:44 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3686.0.1.2.1\))
From: Henry Story <henry.story@gmail.com>
In-Reply-To: <360C07DB-2B3A-4CDF-9747-31D2FCBABFC4@tzi.org>
Date: Mon, 2 Aug 2021 15:48:43 +0200
Cc: IETF SAAG <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <694BDBBC-BBFC-4252-A102-3BF7D4870363@gmail.com>
References: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com> <CADPMZDBu2cbtWk7Y4YMKXOWXQoKsBkAD9D1AuC_Rp+9xHawX7w@mail.gmail.com> <E0FDB1EE-256D-4925-9EE7-49DE212BFF02@gmail.com> <360C07DB-2B3A-4CDF-9747-31D2FCBABFC4@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
X-Mailer: Apple Mail (2.3686.0.1.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/YArKyjhVl6z7kxe1eveeljAF9P0>
Subject: Re: [saag] Interest COVID-19 'passport' standardization?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 13:48:57 -0000


> On 2. Aug 2021, at 15:26, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 2021-08-02, at 13:41, Henry Story <henry.story@gmail.com> wrote:
>> 
>> In the end we are all going to get it: vaccines rollouts are indeed aiming 
>> at doing just that. So that is why I would not be that worried about privacy 
>> with such Credentials. 
> 
> I’m not sure that I understand what you are saying.
> 
> Clearly, the DGC is a privacy disaster: To enable checking that it actually pertains to me, I need to present some government ID, which reveals my wallet name (and often much more information).
> 
> Since we don’t have any other way to link the DGC to a physical person except via (the tenuous link of) a government ID, there was no other way to get the DGC out quickly.
> 
> But I sure hope there will be a 2.0 process at some point that doesn’t automatically reveal all the information on my government ID.
> 
> This is not a theoretical concern, as I may need to use my DGC to get access to a place where I’d definitely want to use directed identity.

yes, as I mentioned in my previous answer to Dirk in the last hour, I meant
that long term, data about who had the virus is not going to be that valuable, 
as most people will end up contracting it, and at some point the interest in
it will also we hope fade.

But I agree that one does not want the issuer to be able to track where you
present it. 

At the same time the person looking at it (say in a restaurant
or gym) wants to know that you did not borrow your friends phone. 
So that is makes for quite a tricky set of requirements.

Note, there are even crazier things going on. In Germany - or at least Bavaria -
there has been a requirement to wear an FFP2 mask in public spaces (though not on
the street). Professionals in the film industry (such as those who worked on making 
the film on Snowden) used to be limited to wearing those to at most 90minutes or so, 
for health reasons: I guess breathing in your own air is not such a good idea.
Now children have been having to wear these all day in school, as well as people in
the service industry. So you’d think that there would be an explosion of 
research in how to build better healthier masks. 

That reminds me of Dali’s 1936 exhibition stunt ”Authentic Paranoid Fantasies” 
where Dali went to his exhibition dressed in a deep sea diving suite. He later wrote:

> I had determined to give a talk during the exhibition in a diving suite as a representation of the subconscious. I was placed in the armor and even fitted with heavy lead shoes, making it completely impossible for me to move my legs. I had to be carried onto the stage. Then they placed the helmet on my head and screwed it tightly shut. I started my talk behind the thick glass in front of a microphone that clearly could not record anything. Nevertheless my mimicry fascinated the public. Soon though I ran out of air, my face turned red, then blue, and my eyes turned upwards. Clearly they had forgotten to provide me with access to air, and I was close to asphyxiation. I signaled to my friends through desperate gestures that my situation was becoming critical. One of them ran for some scissors and tried without success to puncture the costume; another one tried to unscrew the helmet, and as that did not succeed he started banging on the screws with a hammer… Two men tried to tear off the helmet and a third one continued whacking the metal so hard that I nearly lost consciousness. 
> On the stage one could only see a mass of wildly moving hands, from which I emerged now and again like a dismembered puppet, and my helmet sounded like a gong. The public applauded heavily to this successful Daliesque melodrama, which in their eyes clearly represented how consciousness was trying to communicate with the unconscious. I though nearly died during this triumph. As they finally ripped off my helmet I was as white as Jesus as he returned after his forty days of fasting from the desert.

There is a picture to go with that that story which I put up on the blog on co-immunology which I wrote up last year
https://blog.usejournal.com/co-immunology-and-the-web-43379b46688e

> 
> Grüße, Carsten
> 
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

v2.8.7 | Report a Bug | By Email