[Privacy-pass] Updated WG charter text
Alex Davidson <adavidson@cloudflare.com> Tue, 21 April 2020 15:07 UTC
Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E61933A0D9A for <privacy-pass@ietfa.amsl.com>; Tue, 21 Apr 2020 08:07:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TptTyVgDKXos for <privacy-pass@ietfa.amsl.com>; Tue, 21 Apr 2020 08:07:24 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DD193A0DE4 for <privacy-pass@ietf.org>; Tue, 21 Apr 2020 08:00:50 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id i10so16797543wrv.10 for <privacy-pass@ietf.org>; Tue, 21 Apr 2020 08:00:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:mime-version:subject:message-id:date:to; bh=4bLlEKltxUvLIOzgwvncK//4BKXmDE7b6/twB+Iunek=; b=xowKGow4IQy2io1z5mUQoisZ3g98HBC4WIOsEySqfe7KWdG9IUccZQTTSu92LQlPz9 DhRa7DHdsrAIF57AxJyGLGcLz47reuKsn/F2muRFWhgyPhyaM0q48H6wizP+VcI9qLfs dP9Mzx1B7UZk0Vy0TGdyJSxl2/sHvsJFoScBE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=4bLlEKltxUvLIOzgwvncK//4BKXmDE7b6/twB+Iunek=; b=IAO2SrZWaG1THG5aIHBHwoRQt1m4zHNTp0m06MG5p2lFfuoaqnoKuHZCMDUe5QKcZ1 GUo36+gXPv91tTMb2Zq8VvVqxonrYONGywInYGGMI20Cl45o1LUZoXsR41sbmXNmhcng CH0rsKc+d86dmZOC92CPnITxI42b2c+ys6d53Eqz+Gshx3PoZdMFTiE9OFwrLNUnaY/k /mmP/Trjt/9WMcLs0/UlGQiDiBlEDDDlnJWG/U8CaoTUzCKUZgT1+XcA7+/6E9mGVStx 1A+FPTk8Ux6iv1c/67oxc6KmIoAIzL5U1FRc+tvpqSG/auzbGOF8zqUfsOXYMxKXZ1jx Ca2A==
X-Gm-Message-State: AGi0Pua2Cn/7Uf8eowYXGS2szxYKxUrLsC8YRe2ueDJB3E9rr/JnNfP5 UEhsmg/lDUaxRPt+w4rr+VaOr0oQjys=
X-Google-Smtp-Source: APiQypIV+IiRAiZxEO5gmhwKQi6OlmB1yiJglMeYC9iJzi6Fb2jm7Ikj57ZjtSmVHHBrFVGtrxMHwQ==
X-Received: by 2002:adf:e58d:: with SMTP id l13mr25676063wrm.187.1587481239204; Tue, 21 Apr 2020 08:00:39 -0700 (PDT)
Received: from ?IPv6:2001:8a0:7ac8:f600:300d:2bae:dc83:301a? ([2001:8a0:7ac8:f600:300d:2bae:dc83:301a]) by smtp.gmail.com with ESMTPSA id m188sm3754418wme.47.2020.04.21.08.00.37 for <privacy-pass@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Apr 2020 08:00:38 -0700 (PDT)
From: Alex Davidson <adavidson@cloudflare.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_492370A8-3FCF-4F83-B4FC-8590144866C2"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <40600024-A6F1-41D7-B7A8-4B4D7D48201B@cloudflare.com>
Date: Tue, 21 Apr 2020 16:00:36 +0100
To: privacy-pass@ietf.org
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/4-vlcTI09IKo8B0Xtc8MUxGD9t0>
Subject: [Privacy-pass] Updated WG charter text
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 15:07:31 -0000
Hi all, I took the opportunity to write up a new candidate WG charter following the feedback that we have received so far. I’ve submitted the new charter text as a GitHub PR here: https://github.com/alxdavids/privacy-pass-ietf/pull/12 <https://github.com/alxdavids/privacy-pass-ietf/pull/12>. If anyone has any comments/feedback on this version please feel free to add them to the PR. I’ve also pasted the new text below in case anyone wants to raise any points on the mailing list directly. Cheers, Alex p.s. I’m currently working in a personal GitHub repo but I could move everything to a separate privacypass-specific working space, if that would be preferable? Charter text ========= The Privacy Pass protocol provides a performant, application-layer mechanism for anonymous token creation and redemption. Servers (Issuers) create and later verify tokens that are redeemed by an ecosystem of clients, such that: - Any token granted by a given Issuer is unlinkable with all other tokens granted by the same Issuer. - Clients can verify that a token granted by an Issuer corresponds to a committed keypair. - Tokens are unforgeable. - The token issuance and redemption mechanisms are efficient. The primary purpose of the Privacy Pass Working Group is to develop and standardize a protocol that meets these requirements, influenced by applications that have arisen from the wider community. The aims of the Working Group can be split into three distinct goals: First, specify an extensible protocol for creating and redeeming anonymous and transferrable tokens. The protocol should permit suitable cryptographic ciphersuites and security parameterization for cryptographic agility. Negotiation of cryptographic parameters is an application-specific property and thus out of scope for the Working Group. Specification of the underlying cryptographic algorithms or protocols is also out of scope. The Working Group will specify a preliminary set of extensions, including Issuer-supplied metadata and public verifiability, as well as any additional extensions that may arise in the future. Security and privacy properties of the protocol shall be well-documented. Second, describe and develop protocol use cases and properties thereof. This includes, though is not limited to: 1. Describing use cases and interfaces that allow the protocol to be used for those use cases. 2. Defining the privacy goals for each Client during protocol execution, along with expectations placed on the Issuers and the ecosystem at large. 3. Describing parameterizations that control the Client privacy budget and Issuer security parameters. 4. Describing verification mechanisms for sanctioning or trusting Issuers and their corresponding keying material. 5. Describing where key material is stored and how it is accessed. 6. Specifying mechanisms for ensuring that Issuers are not acting maliciously. 7. Describing the procedure for including small amounts of metadata with Issued tokens, as well as the associated impacts on privacy. 8. Describing the risk and possible ramifications of Issuer centralization, and exploring possible mechanisms to mitigate these risks. Third, and finally, specify a HTTP-layer API for the protocol. This includes a common understanding of how Privacy Pass is integrated with HTTP requests and responses for web-based applications. Note that the specifications developed by this working group will be informed by the following initial drafts: - draft-davidson-pp-protocol-00; - draft-davidson-pp-architecture-00; - draft-svaldez-pp-http-api-00. These existing drafts may be further developed into the core deliverables of the working group, supplemented by any additional extensions. Alternatively, they may contribute indirectly to a future set of documents that meet the core goals of the working group.
- [Privacy-pass] Updated WG charter text Alex Davidson
- Re: [Privacy-pass] Updated WG charter text Ben Schwartz
- Re: [Privacy-pass] Updated WG charter text Martin Thomson
- Re: [Privacy-pass] Updated WG charter text Benjamin Kaduk
- Re: [Privacy-pass] Updated WG charter text Christopher Wood
- Re: [Privacy-pass] Updated WG charter text Alex Davidson
- Re: [Privacy-pass] Updated WG charter text Alex Davidson
- Re: [Privacy-pass] Updated WG charter text Steven Valdez
- Re: [Privacy-pass] Updated WG charter text Alex Davidson
- Re: [Privacy-pass] Updated WG charter text Christopher Wood
- Re: [Privacy-pass] Updated WG charter text Joseph Salowey
- Re: [Privacy-pass] Updated WG charter text Alex Davidson