IETF Logo Mail Archive

Re: [Privacy-pass] New drafts for IETF107

Alex Davidson <adavidson@cloudflare.com> Thu, 26 March 2020 15:01 UTC

Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01CB03A017E for <privacy-pass@ietfa.amsl.com>; Thu, 26 Mar 2020 08:01:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ua7mir6Ek5zM for <privacy-pass@ietfa.amsl.com>; Thu, 26 Mar 2020 08:01:40 -0700 (PDT)
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EB763A03FE for <privacy-pass@ietf.org>; Thu, 26 Mar 2020 08:01:40 -0700 (PDT)
Received: by mail-wm1-x334.google.com with SMTP id c81so6804791wmd.4 for <privacy-pass@ietf.org>; Thu, 26 Mar 2020 08:01:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=cv0IIYeRoXPOkaQPpyV+O/Yl3bqnCK8pBd/Q6wG5Z9c=; b=TOD9ePoCwQhWX7+VmdV9guAVSbqSpFOUzFuntKIDsHtJHrVMfpTfz5Ny0uqzWIwnJ2 WTxZqfMmplkNL7qBMrbmU8tWJWvMaHvv3qy8y/c6EakZut7mHlp2OE6Hu/SN3IaxyFFZ /2ViHXZA9sHKfgzIAx5umJKtdifodvNzq28U4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=cv0IIYeRoXPOkaQPpyV+O/Yl3bqnCK8pBd/Q6wG5Z9c=; b=IT4vxxlryUORw8PIhbUldq22OOZeQervvVfmeyXNnbWR/IeLKgbCwWRacO6vsgKo9m jUKimZehD518XVqWpEN3Pig4JWC24HxzOTmDEhxSE48F2S95yEddd37DvYapTzcjsXEX kR1apbA53EWySRakef64+umKtbbY7rhpfg/xoFKT4CD+epyV3BoZdmOBK3Y3kIiG/1cg Y7gpCQSIUm9AOgbTTWUV8UmsXSCOljVUxMN8YQk2BrQ7saTNDA3Uq3fJVLJ6tLaZudLJ YvYzAW5YymrnOz5XHWNm/T0Oac9tsKmTnx+JMW+IVqmsOn1ztmMGaiVGRqnkoIqTBgzS 9IPw==
X-Gm-Message-State: ANhLgQ2cii+Yit8bq5KC5PeOeiGc0wGljhl41IFEIx+WyCkTPLE4oQqC 3PpU9n1nIVwHCOGKwj585Fa9ZA==
X-Google-Smtp-Source: ADFU+vs9hsjFDPtJVnU1ahp27skojssXBcdgY3WevNdjZkipmjRPVg/bM6fWoZIpsDXXCLXpCZ3WIQ==
X-Received: by 2002:a1c:41d4:: with SMTP id o203mr351247wma.1.1585234898235; Thu, 26 Mar 2020 08:01:38 -0700 (PDT)
Received: from ?IPv6:2001:8a0:7ac8:f600:802d:4a56:7265:f9cf? ([2001:8a0:7ac8:f600:802d:4a56:7265:f9cf]) by smtp.gmail.com with ESMTPSA id y80sm3983945wmc.45.2020.03.26.08.01.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Mar 2020 08:01:37 -0700 (PDT)
From: Alex Davidson <adavidson@cloudflare.com>
Message-Id: <57B5F73B-7282-41D1-9328-699CC7FE4A94@cloudflare.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3DC3D270-30B8-4EE7-ACBC-0A70C79AC155"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 26 Mar 2020 15:01:32 +0000
In-Reply-To: <CAKAkE=3ds-9rO7pKa4qKNNeG3UGiTVkRp=tPNO7ioOLq-M+niA@mail.gmail.com>
Cc: Sofía Celi <cherenkov@riseup.net>, privacy-pass@ietf.org
To: Mariana Raykova <marianar=40google.com@dmarc.ietf.org>
References: <62860787-70C2-4B39-BC6B-B0A83DDCD824@cloudflare.com> <CANduzxDCEi3izVM49EmTwyLf=LNpO1dTPqb6JmO7zxaHPTCaTg@mail.gmail.com> <1F946C3A-D194-435E-9A0F-2388C70324C3@cloudflare.com> <38505538-5FC5-4496-BD80-760C6071BD01@cloudflare.com> <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com> <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com> <8FBF8C9F-6B9A-4D9D-AF92-0912BCD7A955@cloudflare.com> <CANduzxANrL7TBRhPz2vqsS19NCQM45KUPhrUACnGJQ494n-J5w@mail.gmail.com> <4889145F-5FBE-4C6F-83EA-60491426DC56@cloudflare.com> <4A86E6B1-694F-4E4D-A22F-417B690B0BE3@cloudflare.com> <ea9feab6-5f7f-f927-bd5f-73ea8a805aa1@riseup.net> <83D15981-9424-4B31-9DD7-24101E5F370E@cloudflare.com> <99682788-41a4-b933-bff7-4c40c5ff0650@riseup.net> <CAKAkE=3ds-9rO7pKa4qKNNeG3UGiTVkRp=tPNO7ioOLq-M+niA@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/8NacVU8xg1T6oWR0imB8i6izh3c>
Subject: Re: [Privacy-pass] New drafts for IETF107
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2020 15:01:43 -0000

Hi all,

@Mariana: Thanks for bring up. I agree that adding a discussion on the consideration of attaching some small amount of metadata to tokens that are issued is something that we will want to bring up the core documents. In particular, a potential path forward would be to add an additional implementation of the Privacy Pass API in the protocol draft based on the https://eprint.iacr.org/2020/072.pdf <https://eprint.iacr.org/2020/072.pdf> construction that incorporates the additional metadata bit, to go alongside the existing implementation. Then we would address the privacy analysis of incorporating this extra bit in the architecture document, though I think this will be relatively straightforward. Would be interested to hear what other think about doing this.

This does raise the question of whether we would want to be even more general in the architecture document and discuss the privacy impacts of adding more arbitrary metadata to tokens, up to a certain amount of bits. It’s not clear what the implications of doing this would be, so adding a wider discussion and analysis may well be worthwhile?

> On 25 Mar 2020, at 22:39, Mariana Raykova <marianar=40google.com@dmarc.ietf.org> wrote:
> 
> Hi Alex,
> 
> Thanks for preparing the drafts with Steven. 
> 
> I would like to propose adding to the architecture document the private metadata bit as a possible extension as defined in our paper https://eprint.iacr.org/2020/072.pdf <https://eprint.iacr.org/2020/072.pdf>. We discussed this in the meeting in New York as one of the extensions. I know that we have decided that the actual protocols will be described in a separate CFRG document but I would like to have the functionality as an extension to the Privacy Pass functionality included in the document that lists several different extensions. For example, to achieve a single-issuer with forwarding-verifier requires significant changes to the Privacy Pass construction and similarly other applications with general ZKPs, changes that are on the order of the changes to achieve private metadata but. 
> 
> I think in another email thread there was a discussion about other proposals in this space and Alex mentioned that partially blind signatures can be viewed as an extension of the Privacy Pass framework, I think the private metadata bit falls in a similar category. The related work of our paper has an overview of some existing work that may also be relevant.
> 
> thanks,
> Mariana

@Sofia: Thanks for raising these points. I’ve inlined my reply, but please feel free to raise issues on the GitHub repo for the things that you have highlighted (I can also do this once I get a moment).

> 
> On Wed, Mar 25, 2020 at 3:35 AM Sofía Celi <cherenkov@riseup.net <mailto:cherenkov@riseup.net>> wrote:
> Hi, Alex!
> > The points that you’ve raised above all make sense to me. If you would be interested in submitting an issue/PR for solving them, that would be really useful and I would be happy to review it.
> 
> Just sent it ;) I added some grammar corrections as well.
> While doing the PR, I also realized that it is not clear when the
> 'Issuance message' is sent. It seems to not be the output of any of the
> API functions... I'm not sure how that one works..

That’s true, I think in the protocol it just needs to be made more clear that the IssuanceMessage is constructed by the client from the ClientIssuanceElement data that it creates. However, we could probably also condense these types down into one that is also sent on the wire.

> 
> After reading the architecture document, I thought that:
> 
> - Maybe it will be nice to give an example for the unique identifier for
> the client id
> - It will be nice to define what anonymity means in the draft, maybe
> taking the definitions of some papers that have defined the different
> terms around anonymity.

Yes, this is a good point. We should be clearer on what definition of anonymity we are considering.

> - This section is a little unclear for me:
> """
> In addition, we RECOMMEND that trusted registries indicate at all
> times which issuers are deemed to be active.
> """
> How will the registries determine which issuers are active?

Also a good point. I think this comes into the way that we detect and act against servers act maliciously. The concept of an active issuer is maintained to ensure that we only have a fixed number of issuers at any one time.

> - It will be nice to also recommend a time for when servers can rotate
> their signing keys.

Either we will want to consider fixed time periods, or the configuration manager will need to monitor the times when updates have occurred and decide whether to accept them or not. This is the approach that currently exists, but I think this is something that it would also be useful to get a broader consensus on.

> - It also seems to have some variable naming consistency issues that
> I'll fix in a PR if it is ok ;)

Sure, by all means!

Cheers,
Alex

v2.23.0 | Report a Bug | By Email