Re: [saag] Interest COVID-19 'passport' standardization?

Tim Bray <tbray@textuality.com> Mon, 02 August 2021 15:33 UTC

To: Eric Rescorla <ekr@rtfm.com>
Cc: Carsten Bormann <cabo@tzi.org>, IETF SAAG <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kVNwluNkTtybcWvB5E7eJBSoLHM>

… and I should have said, I thought the Quebec approach looked pretty
sensible.

I acknowledge that there are some who think that vaccinations are terrible
(they're just wrong) and others who disapprove of vacc passports. But if
there are going to be such things, this looks like an ok way to implement them.

On Mon., Aug. 2, 2021, 8:12 a.m. Eric Rescorla, <ekr@rtfm.com> wrote:

> Yeah, this is the same as the VCI ones.
>
> On Mon, Aug 2, 2021 at 8:09 AM Tim Bray <tbray@textuality.com> wrote:
>
>> I found this description of how the Quebec vacc passport works to be
>> interesting:
>> https://mikkel.ca/blog/digging-into-quebecs-proof-of-vaccination/
>>
>>
>>
>> On Mon., Aug. 2, 2021, 8:01 a.m. Eric Rescorla, <ekr@rtfm.com> wrote:
>>
>>>
>>>
>>> On Mon, Aug 2, 2021 at 7:55 AM Carsten Bormann <cabo@tzi.org> wrote:
>>>
>>>> On 2021-08-02, at 16:50, Eric Rescorla <ekr@rtfm.com> wrote:
>>>> >
>>>> > As I understand it, the payload is JSON but the wrapper is a CWT.
>>>>
>>>> The payload is described as being created by converting JSON to CBOR,
>>>> so that’s the appearance of JSON I talked about.
>>>>
>>>> > it's actually quite possible to fit JSON (JWT) in a QR code however.
>>>> > This is what the VCI certs look like.
>>>>
>>>> Of course, as with BER or XML.
>>>> But if you want to have some things in there, it may get tight.
>>>> (Tight enough that DGC also does a step of zlib/deflate, which is
>>>> actually expanding most DGCs :-)
>>>>
>>>
>>> I haven't studied the DGCs closely, but the VCI certificates are JWTs
>>> with the inner payload being straight deflated JSON without any
>>> intermediate encoding.
>>>
>>> -Ekr
>>
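Added example, not part of the original thread and not VCI or DGC code: a verifier for the token shape described above (a compact JWT whose payload is raw-deflated JSON), checking the signature before inflating and capping the inflated size. HS256 with a constructed key, the `zip` header value, the 64 KiB cap and all function names are assumptions chosen so the sketch runs with the standard library.

```python
import base64, hashlib, hmac, json, zlib

MAX_INFLATED = 64 * 1024  # assumed cap on inflated payload size

def b64u_enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def raw_deflate(data: bytes) -> bytes:
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE, no zlib header
    return comp.compress(data) + comp.flush()

def make_token(claims: dict, key: bytes) -> str:
    """Issuer side: JSON -> raw DEFLATE -> base64url, then sign header.payload."""
    header = b64u_enc(json.dumps({"alg": "HS256", "zip": "DEF"}).encode())
    payload = b64u_enc(raw_deflate(json.dumps(claims).encode()))
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u_enc(sig)}"

def verify_and_decode(token: str, key: bytes) -> dict:
    """Verifier side: check the signature first, then inflate with a size cap."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64u_dec(header_b64))
    # Pin the algorithm instead of trusting whatever the header announces.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig_b64)):
        raise ValueError("bad signature")
    inflater = zlib.decompressobj(-15)
    data = inflater.decompress(b64u_dec(payload_b64), MAX_INFLATED + 1)
    if len(data) > MAX_INFLATED or not inflater.eof:
        raise ValueError("inflated payload too large or truncated")
    return json.loads(data)

# Constructed sample data, not a real credential.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CLAIMS = {"iss": "https://issuer.example", "vc": {"name": "Sample Person", "doses": 2}}

if __name__ == "__main__":
    token = make_token(SAMPLE_CLAIMS, SAMPLE_KEY)
    print(len(token), verify_and_decode(token, SAMPLE_KEY))
```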