Re: [Privacy-pass] New drafts for IETF107

Sofía Celi <cherenkov@riseup.net> Wed, 25 March 2020 07:35 UTC

To: privacy-pass@ietf.org
References: <62860787-70C2-4B39-BC6B-B0A83DDCD824@cloudflare.com> <CANduzxDCEi3izVM49EmTwyLf=LNpO1dTPqb6JmO7zxaHPTCaTg@mail.gmail.com> <1F946C3A-D194-435E-9A0F-2388C70324C3@cloudflare.com> <38505538-5FC5-4496-BD80-760C6071BD01@cloudflare.com> <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com> <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com> <8FBF8C9F-6B9A-4D9D-AF92-0912BCD7A955@cloudflare.com> <CANduzxANrL7TBRhPz2vqsS19NCQM45KUPhrUACnGJQ494n-J5w@mail.gmail.com> <4889145F-5FBE-4C6F-83EA-60491426DC56@cloudflare.com> <4A86E6B1-694F-4E4D-A22F-417B690B0BE3@cloudflare.com> <ea9feab6-5f7f-f927-bd5f-73ea8a805aa1@riseup.net> <83D15981-9424-4B31-9DD7-24101E5F370E@cloudflare.com>
From: Sofía Celi <cherenkov@riseup.net>
Autocrypt: addr=cherenkov@riseup.net; keydata= mQINBF2PpxoBEADAIhbOpA23OBsXzg/aQakv88vaLv8Dxt2oR92Rz9cfxca736HKDeO19IFC F1Anu6ylQsJfoT4UUgbGIjJpHtQB3OVIcgvsMagfZ0lEHd1eG8H8K9wqSjwSphUJl9ra+tMW MEbSDVmeV6qvHeO63vrazXrgUKBf0jDae0HcK++AYiSeSpbTmN+zTsY3ZXy9H1sdNhMUlkGt jcpROrna2NaSL3YG8YNJHsN+zGPoaBbPo9gQALUvuxtg0yS/ecly2xomWIeH6qJ4yJonO/Ys WqAAC96n423BeC1cAyYjij8ydygnR3csTibUI/iPkoH8xstnTyrv3djyiunVuw1BQUNqmtLV v7meRZfIFbfnNatuuPYp7S5NnL58vUwY/BwlMb5OhyzdCckRcITAXiz8sp4LANx1lxIdbaQA 9NsYv32vem9Pd0wtdN5JTW3dajgJtPAC1yfR86rw9u/+BSW9KhRqNF0/a+hX/+Njdni9fkl9 EheZiFHNO+nXeGLy0kikhUXr5iLg8626fG9I8QYuNj05WIEntegvAW65YjGTYSCdVgLx2bvv oGwC/4/jWxNm8MTzv38f/9YAZ5u5DSG3dFKYAjwOhf1IgEMTEWj+bKDFvgpv5fdTFumLxNey M/v3viwuNjS1hscRbi6IO36v4sFce4K1C5GU93YIgao2j01M8QARAQABtB1yaXNldXAgPGNo ZXJlbmtvdkByaXNldXAubmV0PokCVAQTAQgAPhYhBPq5Ptx83RGY3P1FWJG7a0VvRC0CBQJd j6caAhsDBQkHhh+ABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJG7a0VvRC0CEV0P/2UN rjx8LYmz/ydk2XO/uNWyobCtj/y9XBhZG9dpB8R43VC8OS5gv4Nw2ZLDrrpLQmaQ2dXjAeLL +9eCM++QT//VP2j2QS3YKbIcRreXSnl7DI6bMpD+Pu3JwiYHSyBs1zZT+VGm4nTS6QH588XJ VrslKyDYJFfzaHgkIGtxAWgqaHWAZHtjqh6PNEWMe2t571YYcVlk29cWsJ5ITsSPb+0Y0xJn u5HKQOc4TOdraedpLSFb5CZRlusNgWvhqmL4VyIcfjSEY0B8JVOgVpUeNTy0sZcDflYJ6uSN 9B1m79kb8STnVOtFS9gjnWbVwjAunqkkb/joRZhYfjeANVyYC4skh0uqJLFtqJw4r8s9+MrE p4lBy30lQ7mYYyqvRcwyEgoRRLHUvzV6cIHau/HV1pw0lwcbiXk3jP+TMf6OKOzg6lGJ/zX0 ZD+s0OAvHh8GM+5TDlgEM4Dwp6Q+9Jr1m9sp1QDQVbU7xrXXndXDd8RLEkiMDLovyyDtN6Jn HsW9PVMtu6sXvmbn0AHeHzHU/+bwB1LF4sx8O82tWKCgZlm270p+Bk6mjYmrlO4eQ11/AOF6 3ZlVoeXSaM4X0yoKa3ltdWaRoy9L0a4p7JuQYhBYIzjARbVjp9CmxctuQqW2qNSCJfagsUl8 mpcrs7xdhzfhzZHf8kQYWQcPYPPWLWqIuQINBF2PpxoBEACow9T4wPaQvKNG2LBnXeuLkDxf VGrZ/fDk0yfhG0174SjWXvDMIAgdNmfn2F4CM4F2FfPI32NZT34Td89fyWEWvP5/2I9HywyI QI/ubQvbqvm0l+DyzsdZNj4MBmNLy34Rg3K8uScgG7YbakzUplalbQKuzHrSW5OL5aBeKOG2 NGKJK7VZ4MzbdxhCLnXYvQwgnSkJ6B3AoBGv0LsLYzGUixzlMbNmYEhlQcK2scqprmFoX9rQ ymStV8b4Z37gkVmYeWGG2D9zl8gLj0u5Xw/KlF45JNxtMFBSL+Px7E1c+GJTWJxIENBhxRAu fxvbvduyJdXTObI51bqgV57510RjoLdzvVVqUpevmIdaMnavyUnDZOb8sBg3JG6NozZVzlXf S3FAvvK82zRShpd06ZNUbxPtNkruH/dT+6QV8gW3jX15gKGp2CtvhxLbi8ysV6zwtqxPkba2 03J0RAq2lVzxE/CSAP2qGPttElzHOPqhdmL6XjdmTw/WpF+qT8acB6Te8HZF+DriR/xG6EA1 MSdIK0vX4r5+U5bd0r7sh1ysSaYk/RI8hqxZZ4VGdPbVhFCOdT8AVcEXRoLsv+oN4x5WYJ9g 8G8Xw9+DvCNjFLxaGcL0ATHc8u8TyeegGRF3ZQNsRCqfVOLEYclYX+DqIly4ebCawAoIeWg2 GvN9cJAnFwARAQABiQI8BBgBCAAmFiEE+rk+3HzdEZjc/UVYkbtrRW9ELQIFAl2PpxoCGwwF CQeGH4AACgkQkbtrRW9ELQJX3g/8DAxtZTUJAlbKkluY30zITfcUwH4h9Rppxx/RvibZ1R4k 960OlvwyoRZ5rv2XiQA5VxOaVlh1tJErZnAyqgYwHr5CGQBjPEgkmRWBzme4W62uvCXOahxJ 4lNpr0TrVGRNOu223zYQcaN5S4Q5H2U9XNUFx8UF5leZIL6/Z6/bSGEW27vSuCxY6v8MkhQC 6l8T5RJqDsJmhwcVg9KDm8eGLkiu+kXS8iKl/Bw4o9257BI8hswBVRhN8kpHsecP2MGzKwn9 ccXWnOfM75qiq566UI26MY5priaGz5i+eCo26Rc0edm0IXxNs6rUZKVQUoxfMb/A/buJknYZ lUYXAgG2eDHEjlXvqNxQWHgfhIGqKFXDWuMt0sKP7Ta/lvGVPx9IHCTvkRZn9mtIN2/F9Lt5 sK3kezAlFw3BK6AIbD2v+g8TZnvKWSBidJHyhh7OEmKg3gXA3DxBpb7TU6iVUfG5e10RJUvQ qQNTSxv6mxJOgE3mEXizzj+tC6aEG/BzBwDsQpKquzUIKGCF2EGX9C7CZBhlsng/zmL3TFH6 EnY1tqV/lEg2/+gCLy/OE2dlE+EDZEtAiV183lzZNBs5Bg9NIz0Gq6a4ZkA8zDOFuxL2BFH2 EqrT33ladX2AIyKPMF50IwY4TMxGRlKhAjb4++pb55vBwVBLaTC09mvA+CuupPU=
Message-ID: <99682788-41a4-b933-bff7-4c40c5ff0650@riseup.net>
Date: Wed, 25 Mar 2020 02:35:26 -0500
MIME-Version: 1.0
In-Reply-To: <83D15981-9424-4B31-9DD7-24101E5F370E@cloudflare.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/5TYMHVXqlvH5O9_TVczvnP_KA_4>
Subject: Re: [Privacy-pass] New drafts for IETF107
Precedence: list

Hi, Alex!
> The points that you’ve raised above all make sense to me. If you would be interested in submitting an issue/PR for solving them, that would be really useful and I would be happy to review it.

Just sent it ;) I added some grammar corrections as well.
While doing the PR, I also realized that it is not clear when the
'Issuance message' is sent. It seems to not be the output of any of the
API functions... I'm not sure how that one works..

After reading the architecture document, I thought that:

- Maybe it will be nice to give an example for the unique identifier for
the client id
- It will be nice to define what anonymity means in the draft, maybe
taking the definitions of some papers that have defined the different
terms around anonymity.
- This section is a little unclear for me:
"""
In addition, we RECOMMEND that trusted registries indicate at all
times which issuers are deemed to be active.
"""
How will the registries determine which issuers are active?
- It will be nice to also recommend a time for when servers can rotate
their signing keys.
- It also seems to have some variable naming consistency issues that
I'll fix in a PR if it is ok ;)

>> - The architecture draft states the possibility of the existence of
>> malicious servers that can rotate keys in a short time frame. Something
>> that maybe also needs to be think about is the possibility of malicious
>> servers deleting the storage of valid inputs (used to protect against
>> double spending). I don't know how possible this can be, and how to
>> protect.. but I was just wondering if it has been thought.
> 
> I guess this is a possibility. However, a server should only really maintain the double-spend index for their own security (to prevent clients from spending the same token over and over again). If a server decides to delete this storage, then really they have only harmed themselves. So I’m not sure if we need to cover this point specifically, other than mentioning that the server SHOULD maintain a double-spend index as detailed in the document.

Oh, that is right! It makes sense.

Thanks so much!

-- 
Sofía Celi
@claucece
Cryptographic research and implementation at many places
FAB9 3EDC 7CDD 1198 DCFD  4558 91BB 6B45 6F44 2D02

[Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Steven Valdez
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Steven Valdez
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Steven Valdez
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Sofía Celi
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Sofía Celi
Re: [Privacy-pass] New drafts for IETF107 Mariana Raykova
Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
Re: [Privacy-pass] New drafts for IETF107 Mariana Raykova
Re: [Privacy-pass] New drafts for IETF107 Steven Valdez