Re: [saag] Interest COVID-19 'passport' standardization?

denis bider <denisbider.ietf@gmail.com> Mon, 02 August 2021 10:51 UTC

Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E3CB3A182E for <saag@ietfa.amsl.com>; Mon, 2 Aug 2021 03:51:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-U0E5Z3bDRj for <saag@ietfa.amsl.com>; Mon, 2 Aug 2021 03:51:50 -0700 (PDT)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7618E3A1830 for <saag@ietf.org>; Mon, 2 Aug 2021 03:51:50 -0700 (PDT)
Received: by mail-il1-x130.google.com with SMTP id j18so13004529ile.8 for <saag@ietf.org>; Mon, 02 Aug 2021 03:51:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ABeiS9wE7G/gqhp1CepPDuXSyS/mwLx52UMJNy3MZYw=; b=MAKBx+7vdTLkVUgjgRJCMiNbZeo+vZ5jpEp+QGCulNYXEoR00GGPP18y157Mv+PTO0 YyOTH12/EtocquWAAunEyTd8JB15D38JC2T+hroShIkENN07WcyXf7l+n+h9BHwweL5/ M8UJplxfju6Ztjl5A0hcQvMZwVjN+OJL9rapoJkyfs9dxXWw+Vv4UleoFyo/XyusdHOb uzD4WPwWHDMydgg/Pf7itPVyzqgycG+2qbhsM0o4uOwTctWYnnpfRW4I5kUOF4oPxLPo Ixc7Eu4dyNQh+LYsONmR+xAwojflDl+Qnpg+fgsrVBeGQIQjZgwDJgA0zUJ9r0XmhsBa ZCkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ABeiS9wE7G/gqhp1CepPDuXSyS/mwLx52UMJNy3MZYw=; b=txtmd/SSILWmhjFdoxs0R8Oq3Bo5DTeKobJCP2N5XlWE1vdYRx5GEk/Mqj0CecR5IM Kkl/QGu8H0WFb4kvcvse7Tw8vjh4JQZoY+ZtvxrGPm0mS9TtOkZzuXVg9CwrBkj2jKRx uPwYR1Py/WIHbJHf5XXnTe95wW9e8CHdBZbZSZmYiRecZwvceK8NZRMpr+xH7V9H2aju UKFbIJN0UN2EI+uwLJmEHFCJthtSrNo9d8hz7KZDhkU+BeKv2WZMj5hwXa2YR6p63MA3 KOs3hNdUEFZdVXxNetuEJXKgMgRXJo/YnN5TCsd6c0vRRsCCu8Fq7T3Yk9HSwnMSvJ5A tRlA==
X-Gm-Message-State: AOAM533OSD7HxR3qTA45T8UHzpO3M0NGsVlycJXZV0+q3bbDJqFvCrkT 0bDy/C6qcyu7cjjiSv530XQ+QcE4R4CfpCYG4mk=
X-Google-Smtp-Source: ABdhPJzD6Vq7/NtkBIOQS216qdsXdb+fn0tZfdmg0JUFT3qPnHxOWBljL6lP1TEmHA1N2LdVyjz0Dj8IBPcGTzgi4KM=
X-Received: by 2002:a05:6e02:1354:: with SMTP id k20mr1401432ilr.169.1627901509211; Mon, 02 Aug 2021 03:51:49 -0700 (PDT)
MIME-Version: 1.0
References: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com>
In-Reply-To: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Mon, 2 Aug 2021 05:51:38 -0500
Message-ID: <CADPMZDBu2cbtWk7Y4YMKXOWXQoKsBkAD9D1AuC_Rp+9xHawX7w@mail.gmail.com>
To: Harry Halpin <hhalpin@ibiblio.org>
Cc: saag@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dnUojIRrv8GIZdU5jD5wWKrplNI>
Subject: Re: [saag] Interest COVID-19 'passport' standardization?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 10:51:56 -0000

Covid-19 vaccine passports are the stupidest, most oppressive shit
that needs to be resisted at all levels.

Given information we have now, I cannot respect anyone who still
accepts any of the Covid-19 vaccines.

The vaccines do NOT stop transmission. They do NOT reduce deaths. They
just redistribute deaths from average age 80+ with comorbidities, to
younger people by giving myocardial infarctions to children and young
adults.

There is no medical justification to force these vaccines on anyone.
Individually, there is no benefit given the information we already
know, for nearly anyone, in nearly any risk group.

For a healthy individual to accept these vaccines is stupid. For
governments and businesses to force them on people is monstrous and a
crime against humanity.

Long-term, we do not know anyone who survived 2 years or more after
taking these vaccines. Please try to refute that statement.

Anyone who conducts work that enables the forcing of these vaccines,
and the arrival of mandatory vaccine passports, is a Dr. Mengele and
should expect a trial before a tribunal with penalties up to and
including death.

I am serious. Do not do these fucking things.

On Fri, Jul 30, 2021 at 1:17 PM Harry Halpin <hhalpin@ibiblio.org> wrote:
>
> Everyone [and apologies if you already got this message on CFRG or SECDISPATCH],
>
> While the research community and industry was very quick to work on privacy-enhanced contact tracing, I've seen very few people taking the much more pressing issue of COVID-19 passports.
>
> If this IETF111 was in person, we could have done an informal BoF, but as its' not, I'm sending out an email to gauge interest.
>
> I've earlier seen some very badly done academic work using W3C "Verified Credentials" and W3C Decentralized Identifier (DID) standards [1]. However, while a bunch of sketchy blockchain technology has not been adopted (so far, although I believe IATA and WHO are still being heavily lobbied in this direction), there has been the release of the EU "Green" Digital Credentials that actually uses digital signatures.
>
> However, there's a number of problems:
>
> * No revocation in case of compromise
> * Privacy issues, i.e. leaking metadata
> * Limited key management (booster shots might require)
> * No use of standards for cross-app interoperability
>
> Furthermore, there appears to be differences between countries, and some countries do not use cryptography at all (the US). Therefore, as an American in France who flew home ASAP to get vaccinated in the US, as a consequence of this lack of interoperability I can't travel on trains or eat at restaurants easily, despite being vaccinated. I imagine this will become a larger problem.
>
> I have a report I'm willing to share, but I'd first like to know if there's any interest in standardization on this front at the IETF despite this topic being, I suspect, a bit of  astretch of our remit. However, we live in interesting times.
>
> I don't think the W3C (or the ITU, etc.) has the security expertise, and while the crypto and security/privacy here is pretty simple, I think it should happen somewhere.
>
> While I originally polled it by CFRG IRTF to see if there was any interest whatsoever, Benjamin Kaduk pointed out SAAG and SECDISPATCH would be better places to start. I'd like to know what others think.
>
>           yours,
>              harry
>
> [1] https://arxiv.org/abs/2012.00136
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag