AndreasGassmann / WeTrace

https://github.com/AndreasGassmann/WeTrace/blob/master/wetrace_whitepaper.pdf

Verifying the validity of a "positive test" broadcasted message #6

Open gagarine opened 4 years ago

gagarine commented 4 years ago

Issue #2 was about spam in general. But I think the new architecture using key exchanges solves a lot of things https://github.com/AndreasGassmann/WeTrace#privacy. Being in contact only allows those two users to exchange information in a secure manner (as a side note, this could lead to a lot more functionalities, like private messages).

The remaining question for me is how to ensure a positive test message being broadcasted is valid information (that the person is really infected). One proposition is that only specific third parties (doctors, hospitals, trustable institutions) could do that.

It remains unclear to me how to do it technically. My guess is the broadcasted message (encrypted with the user key) could be signed by one or multiple third parties. Does that make sense?

dcale commented 4 years ago

@gagarine yes, there are a couple of approaches possible:

  1. have it signed by a medical authority like you are mentioning
  2. work with a master seed generating OTPs that can be used as access tokens

"1." would be the more "decentralized" approach because you don't have a central authority allowing/disallowing based on an access token.

gagarine commented 4 years ago

I think 1 is interesting also as it provides flexibility to change those authorities (depending on the situation, countries, ...). You can also multi-sign quite easily.
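
Added example, not part of the thread and not WeTrace code: a sketch of approach 2 from dcale's list, where a master seed generates one-time codes that gate positive-test reports. The `ReportGate` class, the HMAC-SHA256 hash choice, the 8-digit length and the seed value are assumptions made for illustration; the sketch shows why this variant is centralized, since whoever verifies a code must hold the master seed.

```python
import hashlib
import hmac
import struct


def derive_otp(master_seed: bytes, counter: int, digits: int = 8) -> str:
    """HOTP-style code: RFC 4226 truncation over HMAC-SHA256 (assumed hash)."""
    mac = hmac.new(master_seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset, 0..15
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ReportGate:
    """Hypothetical central service: issues codes to testers, redeems each once."""

    def __init__(self, master_seed: bytes):
        self._seed = master_seed
        self._next_counter = 0
        self._redeemed = set()

    def issue(self):
        """Called on behalf of a doctor or lab after a confirmed positive test."""
        counter = self._next_counter
        self._next_counter += 1
        return counter, derive_otp(self._seed, counter)

    def redeem(self, counter: int, code: str) -> bool:
        """Called when a user broadcasts a positive-test message with a code."""
        if not 0 <= counter < self._next_counter:
            return False  # counter was never issued
        if counter in self._redeemed:
            return False  # replay of an already used code
        expected = derive_otp(self._seed, counter)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False  # wrong code, compared in constant time
        self._redeemed.add(counter)
        return True


if __name__ == "__main__":
    gate = ReportGate(b"constructed-demo-seed-not-a-real-key")  # constructed value
    counter, code = gate.issue()
    print(gate.redeem(counter, code))  # first use of the code
    print(gate.redeem(counter, code))  # same code presented again
```

The redeemed-counter set is what makes each code single-use; without it, one valid code could back any number of reports.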