[Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
Paul Wouters <paul.wouters@aiven.io> Wed, 16 August 2023 02:30 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEC90C15107D for <privacy-pass@ietfa.amsl.com>; Tue, 15 Aug 2023 19:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yymkKVZUgc9j for <privacy-pass@ietfa.amsl.com>; Tue, 15 Aug 2023 19:30:17 -0700 (PDT)
Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08C1EC151090 for <privacy-pass@ietf.org>; Tue, 15 Aug 2023 19:30:16 -0700 (PDT)
Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-99c47ef365cso816878366b.0 for <privacy-pass@ietf.org>; Tue, 15 Aug 2023 19:30:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1692153015; x=1692757815; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=rSC7jOMBtqFnPFUx46Dzyi8EIiA3jw1Yt/AxUfNcsNA=; b=dfakE9+omFwvGNKzVdlE8WDf+IHE7xJRX9fsIxdIrqlPLM8jQAwJhSLN8C7v7OyaCX HJxHFfpRvXlmUyf5Df+NVfVca+KrDqvbbMZbIRsm55tWepUV4p4Pv2cLdbBFbwVBKV/z XzvDbdKYNCQCWp7kDtMl9xB7Qpy4AN0RSA6GQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692153015; x=1692757815; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=rSC7jOMBtqFnPFUx46Dzyi8EIiA3jw1Yt/AxUfNcsNA=; b=gdawAA6LIT3WgTHKy6/4xMsFWYOztgWln3XRdBM5BCqqWKU6S3+3hGRUVmAM+E3cP3 eDqZ1pkFXTyNPfbBxpw7iXdztgciRtOfL7dKHQyZANe+xbQT+hd8Q7BrNtCSvBuozVl0 SEIKcvMnqDkiwIJ2Eaml936E1N2UkmvKgC48pGMVdLzLV9ttMkhhNScegn54Z0j1b7WM IWrdPvg52XFaRNRI6TSOPYlcU4yd2mMT3NPogbUpkfQ8a4/dHUky/94hBlYVreO74IrQ /OIqyD9jctlfLgLbWBjHxcTHlVCq6Mjer191NNp5bX0VYFY9/s8Tymk3zoh/a089Rywr Fb2Q==
X-Gm-Message-State: AOJu0YxVaDVyBaGL4e+mBJP4vsRThEp6J1a4AIxikVV+IHz+OdR1d/kU UzIDt1l5L9by7P/qKJTRrKR/1q8wsruPwivxB+dXlg==
X-Google-Smtp-Source: AGHT+IHPRe77PAebxYaBH0KPDesrRyz4wUZ4Qv3JU2HQ98Xz7aJb78/OiOnszRTvJcMTLxEgEf+5NmkBknvliiEJZog=
X-Received: by 2002:a17:907:25cd:b0:99b:cdb2:6f5f with SMTP id ae13-20020a17090725cd00b0099bcdb26f5fmr402185ejc.49.1692153015104; Tue, 15 Aug 2023 19:30:15 -0700 (PDT)
MIME-Version: 1.0
From: Paul Wouters <paul.wouters@aiven.io>
Date: Tue, 15 Aug 2023 22:30:04 -0400
Message-ID: <CAGL5yWb_uziZ=rB=Aypnv7L9vYPLKX61Ofp+A-SD2joXa51HOw@mail.gmail.com>
To: draft-ietf-privacypass-protocol@ietf.org
Cc: privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005f5d3b06030113e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/4aTAx2npIhhARoyC2OY8py95Mlk>
Subject: [Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 02:30:21 -0000
Thanks for producing this document. It is a clear read. I have a few minor
questions and a few comments to consider for improvement.
Questions:
Clients SHOULD NOT use a token key before this timestamp
Why is this not a MUST NOT ?
Why is token-keys not called issuer-token-list ? Brings it more in line with
issuer-request-uri and deconfuses it from token-key. This way, the top layer
is issuer-* values and the bottom layer is token-* values. Similarly, I
would
name not-before token-not-before.
Since Clients truncate token_key_id in each TokenRequest,
Issuers should ensure that the truncated form of new key IDs do
not collide with other truncated key IDs in rotation.
So why are the token ids truncated? Why not use the full id ?
Each key pair SHALL be generated as as specified in FIPS 186-4
Can this be rephrased as "SHALL be generated securely, for example as
specified in FIPS 186-4".
I find it a bit odd for an IETF document to require a national crypto
standard conformance.
Then you can also keep the DSS reference as informative. If the document
ends up keeping
this text, it would have to reference DSS normatively.
The DSS link https://dx.doi.org/10.6028/nist.fips.186-4 throw a warning
that it is about to
die and points to an updated reference. Use that instead?
Comments:
I find the line breaks for some table items confusing, eg:
issuera-
request-
uri
People will wonder if that should read as "issuer-request-uri" or
"issuerrequesturi"
There are a number of these in the document (token-key, token-type, ?)
UNIX timestamp - Maybe refer to
https://datatracker.ietf.org/doc/html/rfc8877#section-4.2.1
Regular rotation of token keys is recommended to minimize the risk
of key compromise.
You mean minimize the effects of a key compromise ? Or minimize the
exposure of compromised keys?
The Issuer then tries to deseralize
Start this sentence on a new line so it becomes clearer this is not part of
the just mentioned failure path?
The Token.nonce value is that which was sampled in
Can we say "created" instead of "sampled" ?
Otherwise, if the Issuer is willing to produce a token token to the
Client
There is a stray "token" word in that sentence.
The document references draft-irtf-cfrg-rsa-blind-signatures-13 but -14 is
out.
The last sentence of the Security Consideration section runs on very long
and is very hard to
read. Can this be split in separate sentences?
The document references draft-ietf-privacypass-auth-scheme-11 but -12 is
out.
In section 8.2, it refers to an IANA registry by pointing to another
document instead of just
naming the registry. This indirection is not desirable. Just reference the
IANA registry
"Privacy Pass Token Type".
draft-ietf-privacypass-key-consistency-00 is also an outdated reference, as
-01 is available.
The Shepherds write up answered the question on "required formal expert
review criteria,
such as the MIB Doctor, YANG Doctor, media type, and URI type reviews" as
"N/A" but the
document does add a number of media type registrations.
Paul
- [Privacy-pass] AD review of draft-ietf-privacypas… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood