[Privacy-pass] Privacy Pass draft comments

Ben Schwartz <bemasc@google.com> Fri, 24 July 2020 21:43 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/4W_cEQWsMHYxQYxYquGGLV2iVbY>

Some comments on the drafts scheduled for discussion in our session next
week:

On the architecture:
The draft mentions a use case for "1 bit of metadata" without further
explanation.  Is this in reference to the PMBToken proposal?  I think it
would be worth clarifying the reference.

Regarding PMBToken, I'm not sure that proposal necessarily reduces the
anonymity set in the way that the architecture draft describes.  It sounds
like the server returns either a valid token, which the server can later
verify, or an invalid token, which the server cannot distinguish from
client-generated garbage.  If so, we might avoid reduction of client
anonymity by encouraging all clients to attempt to send garbage tokens
occasionally.  "Don't Take Any Wooden Nickels" [1].

On the HTTP API:
There's no explanation of why this is all being jammed into a
Sec-Privacy-Pass header.  This is very much unlike a typical REST API.
What's the goal here?  I think it would be worth clarifying.

If this design is to allow tacking redemptions onto arbitrary HTTP requests
like a cookie, then could issuance still be a normal REST API?  Then we
probably wouldn't need the "type" field for redemption; it could be
implicit.

--Ben

[1] https://en.wiktionary.org/wiki/don%27t_take_any_wooden_nickels