[Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
Paul Wouters <paul.wouters@aiven.io> Wed, 16 August 2023 02:30 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEC90C15107D for <privacy-pass@ietfa.amsl.com>; Tue, 15 Aug 2023 19:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yymkKVZUgc9j for <privacy-pass@ietfa.amsl.com>; Tue, 15 Aug 2023 19:30:17 -0700 (PDT)
Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08C1EC151090 for <privacy-pass@ietf.org>; Tue, 15 Aug 2023 19:30:16 -0700 (PDT)
Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-99c47ef365cso816878366b.0 for <privacy-pass@ietf.org>; Tue, 15 Aug 2023 19:30:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1692153015; x=1692757815; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=rSC7jOMBtqFnPFUx46Dzyi8EIiA3jw1Yt/AxUfNcsNA=; b=dfakE9+omFwvGNKzVdlE8WDf+IHE7xJRX9fsIxdIrqlPLM8jQAwJhSLN8C7v7OyaCX HJxHFfpRvXlmUyf5Df+NVfVca+KrDqvbbMZbIRsm55tWepUV4p4Pv2cLdbBFbwVBKV/z XzvDbdKYNCQCWp7kDtMl9xB7Qpy4AN0RSA6GQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692153015; x=1692757815; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=rSC7jOMBtqFnPFUx46Dzyi8EIiA3jw1Yt/AxUfNcsNA=; b=gdawAA6LIT3WgTHKy6/4xMsFWYOztgWln3XRdBM5BCqqWKU6S3+3hGRUVmAM+E3cP3 eDqZ1pkFXTyNPfbBxpw7iXdztgciRtOfL7dKHQyZANe+xbQT+hd8Q7BrNtCSvBuozVl0 SEIKcvMnqDkiwIJ2Eaml936E1N2UkmvKgC48pGMVdLzLV9ttMkhhNScegn54Z0j1b7WM IWrdPvg52XFaRNRI6TSOPYlcU4yd2mMT3NPogbUpkfQ8a4/dHUky/94hBlYVreO74IrQ /OIqyD9jctlfLgLbWBjHxcTHlVCq6Mjer191NNp5bX0VYFY9/s8Tymk3zoh/a089Rywr Fb2Q==
X-Gm-Message-State: AOJu0YxVaDVyBaGL4e+mBJP4vsRThEp6J1a4AIxikVV+IHz+OdR1d/kU UzIDt1l5L9by7P/qKJTRrKR/1q8wsruPwivxB+dXlg==
X-Google-Smtp-Source: AGHT+IHPRe77PAebxYaBH0KPDesrRyz4wUZ4Qv3JU2HQ98Xz7aJb78/OiOnszRTvJcMTLxEgEf+5NmkBknvliiEJZog=
X-Received: by 2002:a17:907:25cd:b0:99b:cdb2:6f5f with SMTP id ae13-20020a17090725cd00b0099bcdb26f5fmr402185ejc.49.1692153015104; Tue, 15 Aug 2023 19:30:15 -0700 (PDT)
MIME-Version: 1.0
From: Paul Wouters <paul.wouters@aiven.io>
Date: Tue, 15 Aug 2023 22:30:04 -0400
Message-ID: <CAGL5yWb_uziZ=rB=Aypnv7L9vYPLKX61Ofp+A-SD2joXa51HOw@mail.gmail.com>
To: draft-ietf-privacypass-protocol@ietf.org
Cc: privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005f5d3b06030113e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/4aTAx2npIhhARoyC2OY8py95Mlk>
Subject: [Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 02:30:21 -0000
Thanks for producing this document. It is a clear read. I have a few minor questions and a few comments to consider for improvement. Questions: Clients SHOULD NOT use a token key before this timestamp Why is this not a MUST NOT ? Why is token-keys not called issuer-token-list ? Brings it more in line with issuer-request-uri and deconfuses it from token-key. This way, the top layer is issuer-* values and the bottom layer is token-* values. Similarly, I would name not-before token-not-before. Since Clients truncate token_key_id in each TokenRequest, Issuers should ensure that the truncated form of new key IDs do not collide with other truncated key IDs in rotation. So why are the token ids truncated? Why not use the full id ? Each key pair SHALL be generated as as specified in FIPS 186-4 Can this be rephrased as "SHALL be generated securely, for example as specified in FIPS 186-4". I find it a bit odd for an IETF document to require a national crypto standard conformance. Then you can also keep the DSS reference as informative. If the document ends up keeping this text, it would have to reference DSS normatively. The DSS link https://dx.doi.org/10.6028/nist.fips.186-4 throw a warning that it is about to die and points to an updated reference. Use that instead? Comments: I find the line breaks for some table items confusing, eg: issuera- request- uri People will wonder if that should read as "issuer-request-uri" or "issuerrequesturi" There are a number of these in the document (token-key, token-type, ?) UNIX timestamp - Maybe refer to https://datatracker.ietf.org/doc/html/rfc8877#section-4.2.1 Regular rotation of token keys is recommended to minimize the risk of key compromise. You mean minimize the effects of a key compromise ? Or minimize the exposure of compromised keys? The Issuer then tries to deseralize Start this sentence on a new line so it becomes clearer this is not part of the just mentioned failure path? The Token.nonce value is that which was sampled in Can we say "created" instead of "sampled" ? Otherwise, if the Issuer is willing to produce a token token to the Client There is a stray "token" word in that sentence. The document references draft-irtf-cfrg-rsa-blind-signatures-13 but -14 is out. The last sentence of the Security Consideration section runs on very long and is very hard to read. Can this be split in separate sentences? The document references draft-ietf-privacypass-auth-scheme-11 but -12 is out. In section 8.2, it refers to an IANA registry by pointing to another document instead of just naming the registry. This indirection is not desirable. Just reference the IANA registry "Privacy Pass Token Type". draft-ietf-privacypass-key-consistency-00 is also an outdated reference, as -01 is available. The Shepherds write up answered the question on "required formal expert review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews" as "N/A" but the document does add a number of media type registrations. Paul
- [Privacy-pass] AD review of draft-ietf-privacypas… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood