Re: [Secdispatch] [saag] Interest COVID-19 'passport' standardization?
Dirk-Willem van Gulik <dirkx@webweaving.org> Fri, 30 July 2021 21:39 UTC
Return-Path: <dirkx@webweaving.org>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B07293A120C for <secdispatch@ietfa.amsl.com>; Fri, 30 Jul 2021 14:39:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HEGkbrnREke3 for <secdispatch@ietfa.amsl.com>; Fri, 30 Jul 2021 14:39:35 -0700 (PDT)
Received: from weser.webweaving.org (weser.webweaving.org [148.251.234.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0E5E3A1204 for <secdispatch@ietf.org>; Fri, 30 Jul 2021 14:39:33 -0700 (PDT)
Received: from smtpclient.apple (77-63-38-235.mobile.kpn.net [77.63.38.235]) (authenticated bits=0) by weser.webweaving.org (8.16.1/8.16.1) with ESMTPSA id 16ULav39033922 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 30 Jul 2021 23:36:58 +0200 (CEST) (envelope-from dirkx@webweaving.org)
X-Authentication-Warning: weser.webweaving.org: Host 77-63-38-235.mobile.kpn.net [77.63.38.235] claimed to be smtpclient.apple
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
Message-Id: <66D90DC4-9BCF-4279-868E-61D5731EC2A4@webweaving.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8494C909-B4CF-48B7-A22E-9DDEDD023388"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
Date: Fri, 30 Jul 2021 23:35:57 +0200
In-Reply-To: <CABcZeBNsjFaG9HZJ+0f3Czyikt3zpDkguveBh5id2rCHNNeAZg@mail.gmail.com>
Cc: Henry Story <henry.story@gmail.com>, IETF SecDispatch <secdispatch@ietf.org>, IETF SAAG <saag@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <CAE1ny+4QdmSJS-spV6Do5yDs1x3iAwyHdSx=Oa+cRXU+ESZ2nA@mail.gmail.com> <CABcZeBO56B0YwEm5dbyp1=L_TN+EemoqGt6xDCPzMDRboDZVUw@mail.gmail.com> <7F5A47B0-4E26-4C51-AA21-6A6038A80A95@gmail.com> <CABcZeBNsjFaG9HZJ+0f3Czyikt3zpDkguveBh5id2rCHNNeAZg@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (weser.webweaving.org [148.251.234.232]); Fri, 30 Jul 2021 23:36:59 +0200 (CEST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/cH1yJQv70xWVABRRTlr_BmTnZEw>
Subject: Re: [Secdispatch] [saag] Interest COVID-19 'passport' standardization?
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 21:39:40 -0000
On 30 Jul 2021, at 23:23, Eric Rescorla <ekr@rtfm.com> wrote: > On Fri, Jul 30, 2021 at 2:19 PM Henry Story <henry.story@gmail.com <mailto:henry.story@gmail.com>> wrote: > The knowledge about the virus and the responses to it are evolving > very quickly, and so the flexibility of W3C Verifiable Credentials > comes in very handy here, as it is built on semantic web standards > built on top of first order logic, hypergraphs, and designed for > decentralisation, and evolvability. > > I don't really agree with this claim. Some of the proposals here use > VC and some do not, but they all seem roughly equally capable and > flexible to me. From an implementor/designing perspective (both the NL domestic version -and- the EU DCC version) — and although we tried very very hard - the absolute need for totally off-line use & preventing surveillance*, also, or especially by the issuing entities (or blind trust in) combined with the inflexible state of the available semi-usable VC implementations and the very strong desire to have nothing ‘central’ and no ‘central trust’ - had us gradually evolve to something not quite VC. Despite this being the stated goal. So I think we have some useful lessons learned w.r.t. the importance of off-line / totally local validation. Dw *: e.g. spiked certificates with something unlikely to be cached or requiring a very unique lookup/OCSP, etc.
- [Secdispatch] Interest COVID-19 'passport' standa… Harry Halpin
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Eric Rescorla
- Re: [Secdispatch] Interest COVID-19 'passport' st… Henk Birkholz
- Re: [Secdispatch] Interest COVID-19 'passport' st… Phillip Hallam-Baker
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Henry Story
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Eric Rescorla
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Dirk-Willem van Gulik
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Dirk-Willem van Gulik
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Harry Halpin
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Dirk-Willem van Gulik
- Re: [Secdispatch] [saag] Interest COVID-19 'passp… Michael Richardson