DP-3T / dp3t-sdk-backend

The backend implementation for DP3T
Mozilla Public License 2.0

[WIP] V2 API for cross-country usage #237

Closed ineiti closed 3 years ago

ineiti commented 4 years ago

Key sharing with country code and shared flag:

This allows clients to always send the full list of countries that are configured, setting the share flag for each country. This makes sure that fake upload requests cannot be distinguished from non-fake uploads.

ineiti commented 4 years ago

From @wouterl:

POST /v2/gaen/exposed

Binary encoding of countries is looking good. Thx. However, this API includes the implicit design decision that the list of visited countries applies to all keys (rather than per key). This design decision makes sense to us for two reasons:

  1. Detailed per-day travel information is not available from the current UI.
  2. For simplicity the UI should probably also not aim to request this information.

DONE: Documentation Request: This design choice must be documented either in the code or in the technical specification. For now we ask you to please include a paragraph in the code so that we remember later on when writing the spec.

GET /v2/gaen/exposed/{country}/{since}

Requesting once per visited country implies that the user reveals:

  1. That they traveled
  2. Where they traveled

We would therefore prefer that the countries visited be a parameter to the query. Using a similar encoding as for exposed, to protect which/how many countries, we would have a list of countries with a 0/1 value. (Different options: "countries=NL+DE+CH+XX+XX+..." or as a JSON data blob that gets sent with the GET request.) Then we will need to pad the answers back to hide travelers and destinations. We are working on the scheme, please give us a couple of days to design the correct scheme.

In the meantime, we suggest that the return format accounts for returning different files per country and has a padding field where we can add a random string. This padding string should be ignored by the app, but allows us to increase the size of the response to the right value (to be determined).
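
The two ideas in the comments above (a constant-length country list with a 0/1 flag per country, and a response carrying a padding field the app ignores) are sketched below as an added example; it is not code from this PR or from dp3t-sdk-backend. The country list, the `CH1+DE0+...` flag format, the JSON layout, the function names and the 4096-byte bucket are all assumptions, since the thread leaves the final scheme and target size open.

```python
import base64
import json
import secrets

# Assumption: every app build ships the same ordered list of configured countries.
CONFIGURED_COUNTRIES = ["CH", "DE", "NL", "FR", "IT", "AT"]
# Assumption: responses are padded up to a multiple of this size.
BUCKET_BYTES = 4096


def encode_countries(visited):
    """One 0/1 flag per configured country, so the length never depends on travel."""
    unknown = set(visited) - set(CONFIGURED_COUNTRIES)
    if unknown:
        raise ValueError(f"not configured: {sorted(unknown)}")
    return "+".join(f"{c}{int(c in visited)}" for c in CONFIGURED_COUNTRIES)


def pad_response(files_by_country, bucket=BUCKET_BYTES):
    """Serialize per-country key files and pad to the next multiple of `bucket`."""
    body = {
        "files": {c: base64.b64encode(data).decode("ascii")
                  for c, data in sorted(files_by_country.items())},
        "padding": "",
    }
    raw_len = len(json.dumps(body).encode("utf-8"))
    deficit = -raw_len % bucket  # bytes still missing to reach the bucket boundary
    # Hex characters are single-byte and never escaped in JSON, so each adds one byte.
    body["padding"] = secrets.token_hex((deficit + 1) // 2)[:deficit]
    return json.dumps(body).encode("utf-8")


def read_response(blob):
    """Client side: return the per-country files and ignore the padding field."""
    body = json.loads(blob)
    return {c: base64.b64decode(b64) for c, b64 in body["files"].items()}


if __name__ == "__main__":
    # Constructed sample data, not real exposure keys.
    home_only = pad_response({"CH": b"\x01" * 100})
    traveler = pad_response({"CH": b"\x01" * 100, "DE": b"\x02" * 900, "NL": b"\x03" * 500})
    print(encode_countries(set()), len(home_only))
    print(encode_countries({"DE", "NL"}), len(traveler))
```

Padding to a bucket only hides differences that fit inside one bucket; a response that spills into the next bucket is still distinguishable by size, so the bucket has to be chosen against the largest expected payload.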

sonarcloud[bot] commented 4 years ago

SonarCloud Quality Gate failed.

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A); Security Hotspots to review: 0
Code Smells: 0 (rating A)

Coverage: 0.0%
Duplication: 0.0%

martinalig commented 3 years ago

Outdated.