IETF Logo Mail Archive

Re: [Privacy-pass] Issuer directory representation (#369)

Christopher Wood <caw@heapingbits.net> Mon, 26 June 2023 12:56 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 127CAC14CF0C; Mon, 26 Jun 2023 05:56:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="J6Mq5CAC"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="CBnmipKQ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hO2Q_QaDF2nC; Mon, 26 Jun 2023 05:56:40 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65465C151087; Mon, 26 Jun 2023 05:56:40 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 42B4E5C0110; Mon, 26 Jun 2023 08:56:39 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 26 Jun 2023 08:56:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm2; t=1687784199; x=1687870599; bh=tyIBR4o8cfFIS1ko2ptX/Md5d 8+/NGYwq+RcW0oXClU=; b=J6Mq5CAC9aao8ceq8Fkog2mE8BiAvy7hIrusY2P3s 3UaH/AlAccdM2T6fHXqNkCmCZsxdUoh5Fw3xu6VHoYozto1FnIcDfBmJtHcSj7g7 uCgUKQdslLuHs0yS2Ivo/0pUddvIa6DlPJ50J+0TZ/sh0rn8iyX69Dd9yXAxU+PU YuYQBwaWYwTVCMPuQkNFghe40DpiCrFIqhdQGitjyT2lU7KfMSQL+IyqK1VaDssL hzNXiHdsWbWFxFI1eNIOWhY9tQbB3/hkt0hsslwC6WoqDuXxMewwvUpst5pVIz+F kFlbe4sPLitIfrufClHGXqOzub+go/Pdt7amYoZYLIrDg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1687784199; x=1687870599; bh=tyIBR4o8cfFIS1ko2ptX/Md5d8+/NGYwq+R cW0oXClU=; b=CBnmipKQUYyfx+p4Kg38q8RvF8m3fYE/SLWYnLxYqJ6g46aEYJ2 gnH9m8iTWWuFB40MsgJq++Rl5DdaAQiXRfR59F5qUVrNMFkQ3+xbwHU43pTi6kcM AYKyKYWvgLH2qFgZRborl5qINvUB3/Vj+gpnoA9voAmwe0vmpBTtiFoml3btzyO1 wUE22tzrl1ICaPaAvfP/6TV9S/W1MqSZz544e6oy0Qpk4/aNF8JIIDd0t16koZ68 C9jEvjBBEk5C/YHzsjA1ktxXIeVMSy9k2MnORVP1MNHXkhgIbiBonnUATtc27qG0 vYc66hqoKGXMXHOFcd8ZjIFNyHYrr4VFwlw==
X-ME-Sender: <xms:B4uZZO-iBe0XmJDnwgOHNDuCDPh3OYY0mOXdYwFQGm2a1EA-irY6AA> <xme:B4uZZOs1E7ocYT9yv6fAKilLsoRDAAfslWLXna7wj0fUE7P7mDpEQWIdPn8D3i4Qw J9WWogJm3mu3u64muQ>
X-ME-Received: <xmr:B4uZZEBvo_K72E_bm7QtwOwfR1M8ML1w6V2xjRUMsKMQD_bt3L_nTbDrUg3zVmxPBUB_qOOnW4vv7Pcy2bRPsgAZxVfi6poQ62ldvunUMuNyQTS00XpClA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrgeehfedgheehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffvefgkfhfvffosehtqhhmtdhhtdejnecuhfhrohhmpeevhhhr ihhsthhophhhvghrucghohhougcuoegtrgifsehhvggrphhinhhgsghithhsrdhnvghtqe enucggtffrrghtthgvrhhnpeffudetlefhhedtleeuteeuueehkeefffdtgeefvdetveeh jefgheevfeetgedvvdenucffohhmrghinhepihgvthhfrdhorhhgnecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgs ihhtshdrnhgvth
X-ME-Proxy: <xmx:B4uZZGdKbXmeWJ_VBEaTmCkQ7043NqTyRO82-QFcZcEkBes8RE6IXQ> <xmx:B4uZZDP8mAk7eZhd4zb_IADfI0x_lawGcoyRgNG1F39MMBLN-uAbYw> <xmx:B4uZZAnQo8IMCQ_aViOqI7kKs2j1p0r5iW4ad9wGPKzFdimgz_Rd6Q> <xmx:B4uZZMrNSGM0omYm6xlqsZ8UniaGSTF6CwGDF9PPYQDxY9HETV8M-Q>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 26 Jun 2023 08:56:38 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\))
From: Christopher Wood <caw@heapingbits.net>
In-Reply-To: <C46CC5CB-24E1-47FC-BC43-92F1727B3B0C@heapingbits.net>
Date: Mon, 26 Jun 2023 08:56:38 -0400
Cc: Colin Bendell <colin@bendell.ca>, Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>, privacy-pass@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7AD8C944-B90C-4C89-A679-811A244CF722@heapingbits.net>
References: <382108BA-762E-4F5F-A128-3C8682B3F928@apple.com> <C46CC5CB-24E1-47FC-BC43-92F1727B3B0C@heapingbits.net>
To: Tommy Pauly <tpauly@apple.com>, privacypass-chairs@ietf.org
X-Mailer: Apple Mail (2.3696.120.41.1.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/168l1aQQo7ZWOnw7I9jepVHzuQ0>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2023 12:56:45 -0000

To close the loop here, we published a new version that included #381. All outstanding issues are now resolved.

Chairs, can we please move this forward?

Thanks,
Chris

> On Jun 16, 2023, at 7:51 PM, Christopher Wood <caw@heapingbits.net> wrote:
> 
> 
> On Jun 16, 2023, at 6:12 PM, Tommy Pauly <tpauly@apple.com> wrote:
>> 
>> 
>> 
>>> On Jun 16, 2023, at 11:13 AM, Colin Bendell <colin@bendell.ca> wrote:
>>> 
>>> 
>>> 
>>> On Fri, 16 Jun 2023 at 13:07, Christopher Wood <caw@heapingbits.net> wrote:
>>> 
>>>> On Jun 16, 2023, at 12:58 PM, Colin Bendell <colin@bendell.ca> wrote:
>>>> 
>>>> 
>>>> 
>>>> On Thu, 15 Jun 2023 at 19:28, Christopher Wood <caw@heapingbits.net> wrote:
>>>> To hopefully close the loop in this, I put together this PR that conceptually lifts the concept of key commitments from PSTs into the current Privacy Pass issuer directory:
>>>> 
>>>> I initiated this thread after contrasting the similar key-sets exposed forPrivacyPass and Private-State-Tokens. As an outsider here, I'd like to see PrivacyPass expand the set of tokens so that PST can remove the definition from the W3C spec and depend exclusively on the PrivacyPass definition. To this end, the issuer directory should also include:
>>>> * expiry
>>>> * batch-size
>>>> * key-id / version
>>> 
>>> I think expiry information can be inferred from the resource’s cache control directives, 
>>> 
>>> I think you missed my comments below. 
>>> 
>>> As I said, the http cache-control only describes the document's lifecycle. Two main issues:
>>> 
>>> 1. The directory might have a TTL, but that doesn't reflect the specific age of each entry. What TTL should you set for a directory of 100 keys with a rolling 60 day offset for expiration? I think what you are assuming is that the CC should be 60 day and then the expired entry just disappears magically leaving 99? The challenge of course is that this doesn't give any signal to the consumer which key is nearing expiration relative to the other keys.
>>> 
>>> 2. The TTL from Cache-Control does not cleanly map to an expiration date/time since you need to depend on other transient details. (This is a classic problem of the interdependence of the Age, Date and Cache-Control headers). For an infrastructure operator, certificates are expected to have a fixed date/time for expiration and when the cert will be removed from rotation. This provides assurances of a token that is issued and when to expect that the token should expire. Just depending on the cert to be 'removed' from the directory is a surprising behavior for certificate change management processes.
>>> 
>>> Further, as I mentioned below, in the PST case, the specific expiration of a key is used in the selection process in the client-issuer communication. In PST, the UA uses 6 keys with the longest expiry date. Only tokens issued from this 6 can be added, while previous tokens are permitted. (I'm not sure how strong this argument is, since I'm not sure how much of a priority it is to converge the W3C / IETF variations. As an outsider, it would be nice if these spec's did align. Allowing for these directory attributes would pave a way to simplify the W3C spec. IMHO of course)
>> 
>> A meta-comment here:
>> 
>> There shouldn't be any “variants” between the W3C and IETF — any extensions for the web that W3C does should be built upon Privacy Pass, but not something in contradiction to it. All of these other deployment models (like what is proposed in PST) are just ways to instantiate Privacy Pass, and should align with privacy pass as a standard.
>> 
>> In this case, of course other specs can add recommended keys to add to a JSON dictionary (that can still align), or we could define “not-after” while we’re defining “not-before” and just be done with it.
> 
> Given that we have not had a need for not-after with current deployments, I suggest punting this to a future document. The cache control directives have been sufficient so far. Let’s not add complexity when it’s not yet needed. 
> 
> Best,
> Chris 
> 
>> 
>> Tommy
>> 
>>> 
>>> and version is implied from the list of keys in the directory. That leaves key ID and batch size. The former is computed directly from the public key, so we don’t need to redundantly include it. The latter could be included as an optional parameter for issuance protocols that want to communicate this hint to the client. That parameter could even be included in the batch token issuance spec (https://datatracker.ietf.org/doc/draft-robert-privacypass-batched-tokens/). 
>>> 
>>> Ah! Why not merge the support for batch-tokens into the type=1 definition? I had assumed this was the intention since VOPRF BlindEvaluate function (draft 21) already allows for individual or arrays of elements. The only gap then is the TokenRequest & TokenResponse structs (and possibly adding ristretto255-SHA512 ) This is probably a different conversation though. The cross-over is the necessity to specify the batch-size in the issuer-directory.
>>>  
>>> 
>>> So altogether I think we’re covered?
>>> 
>>> Best,
>>> Chris 
>>> 
>>>> 
>>>> Expiration is important for PST because it is used by the UA to select from a set of possible keys. HTTP Cache-Control does not serve the same function as a certificate expiration. The cache-control header reflects the ttl of the directory, but the expiration for each public key. If we were to use HTTP cache policies, all public keys would be treated as if they had the same expiration. 
>>>> 
>>>> Batch-Size is interesting for VOPRF workflows where the issuance request includes multiple nonces. In this case the compute work for the issue request needs to be known apriori. Can the issuer handle 1 or 10 or 100 token batches?
>>>> 
>>>> key-id or version is not needed for the protocol, but as a dev ergonomics it is nice to have a common implementation. Is it called 'version' or 'id' or 'key-id'?
>>>>  
>>>> I think we can pursue alternative representations separately.
>>>> 
>>>> Sounds good. 
>>>> 
>>>> /colin
>>> -- 
>>> Privacy-pass mailing list
>>> Privacy-pass@ietf.org
>>> https://www.ietf.org/mailman/listinfo/privacy-pass
>> 
> -- 
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email