Re: [Privacy-pass] Private Access Tokens and Privacy Pass Architecture
Christopher Wood <caw@heapingbits.net> Mon, 20 December 2021 18:40 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD0123A0841 for <privacy-pass@ietfa.amsl.com>; Mon, 20 Dec 2021 10:40:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=McQmrnn0; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=TVcJkmgY
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Ip6-qtlANBS for <privacy-pass@ietfa.amsl.com>; Mon, 20 Dec 2021 10:40:48 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D854A3A0848 for <privacy-pass@ietf.org>; Mon, 20 Dec 2021 10:40:47 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 488E15C020B for <privacy-pass@ietf.org>; Mon, 20 Dec 2021 13:40:47 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute1.internal (MEProxy); Mon, 20 Dec 2021 13:40:47 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=y5wD0RZZc1pis4iPYSJAOUrn9DC9neO o8g/PUlvGGjY=; b=McQmrnn0PFBFHY6rNI+BHJDs5DBQxlHIVO2wPGKVNLps/R9 gb71O4WODIfLQHNwwhuOS/qvFRqJDGXuW1ACh4iQ5b/c6vJay09bV8o27gMWvckq L89klsqtwiIqoMxh4jQINT6iG3V9VI2bkWs4b+EQDDMIf7+Wt0vaBdyXc8g13EWp w9vDEOPCjS37YrxUzXoKnUU2xBQ09J66e5icf9cl9lVwIRJS3G4Cp8n9m5PZB45f +6qK08p4028ytQop/oOJYZSIj/5aASuTgqE9nzhpbuxRPlD/JtoMh18FxVvvxqIk rgtroPIvKiKIYMXPo0kbAPxLdjqAok4cGxwQkvA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=y5wD0R ZZc1pis4iPYSJAOUrn9DC9neOo8g/PUlvGGjY=; b=TVcJkmgYLlIeaxVPiERtFD 9DfmpQxP530xGNHHZcz92jFsF/ZcQRO3kZRiLYNsohMF80NhE97CqPF6tiahCz63 bzRdAXuIucJN4mHnRRLVkfMUW3wjkeXw3zfo/8nm8rv9AO5vEhlPSiU4Q+KV0RZU uhcYvUYRegFhcG7n2lD04nEtPmPueAc1tV+JwdTfa7xZ17SkdPjU2ONKb3GnygoF 0HiXSeq85legVdS8W11wYcxcm8W+6rnKvdv7wyM93e/VpqWrnZtozHQEGu6B0tBO xpb5WzjAzWamLF7z3lU+RuWCzyHex6xHZFxu8OlcR1QPwjcLMT1pDNW/z0BfIswA ==
X-ME-Sender: <xms:L87AYSI9jWc_RWugSPcB69JZkSo2f4DVx5GZmWKPqP6lr9evQBMFHg> <xme:L87AYaKvXRvpHrBKBt6lSzSo_eZZj3BSOyFD-H6d5-NqCA_NMD99DG_5F3EMJHMAA P-9P1kwwP-ItOEWSJc>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddruddtvddgudduiecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecuogfuuhhsphgvtghtffhomhgrihhnucdlgeelmd enucfjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfvehh rhhishhtohhphhgvrhcuhghoohgufdcuoegtrgifsehhvggrphhinhhgsghithhsrdhnvg htqeenucggtffrrghtthgvrhhnpefhfefhfeelkedtffeufffhkeeigedvkeefgedtveeg tddvfffhveetveffudfggfenucffohhmrghinhepghhithhhuhgsrdgtohhmpdhivghtfh drohhrghdpghhithhhuhgsrdhiohenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr mhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:L87AYSusZy_ki-p9hE3ceRwqDotogN3GxyP0rgiK5zx_pZ7pbB3xFQ> <xmx:L87AYXZcWpqdGvwy6mHNtHpQvI6eJ3pGi5RponF2GvRye4_b4C8KDw> <xmx:L87AYZYml7SPeJNkZwDY4n7ur2lqiKuDghlwVSynM0Q5_b_qPrL33g> <xmx:L87AYSlqZ5Kii9oh02EH1GUSlAcSpUMN57IwmEprVXoa_O-uDjhAeA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 22E583C0146; Mon, 20 Dec 2021 13:40:47 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4524-g5e5d2efdba-fm-20211214.001-g5e5d2efd
Mime-Version: 1.0
Message-Id: <5355f62e-0634-4a59-b4b1-34b90f3bb9ca@www.fastmail.com>
In-Reply-To: <CAD5V+fM9eds4cJD_6c=HTAx0bJWAirQtCBRYPZNMtV0ZLLqEZA@mail.gmail.com>
References: <CANduzxCU3wqZAptjBRrgtJuZymAReqxtKLf5BopTvbwD3tuJSQ@mail.gmail.com> <CAD5V+fM9eds4cJD_6c=HTAx0bJWAirQtCBRYPZNMtV0ZLLqEZA@mail.gmail.com>
Date: Mon, 20 Dec 2021 10:40:26 -0800
From: Christopher Wood <caw@heapingbits.net>
To: privacy-pass@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/8utH1iKLEy_vdMUQbL2F5gZkMZA>
Subject: Re: [Privacy-pass] Private Access Tokens and Privacy Pass Architecture
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Dec 2021 18:41:02 -0000
On Mon, Dec 20, 2021, at 8:52 AM, Alex Davidson wrote: > Hi, > > Broadly speaking, I think the reorganisation of the protocol, > architecture, HTTP auth docs make sense. Having not followed the work > on Private Access Tokens very closely, I think it would be beneficial > to have a presentation on this topic to the WG. Specifically, it would > be useful to hear more related to the motivation and intended goals of > this draft, and the applicability of this work to the WG. Definitely! That said, a primary objective of this refactor is to ensure that Privacy Pass can easily support different types of issuance protocols, including, for example, those that may produce publicly verifiable tokens. The base OPRF-based Privacy Pass variant is one specific type of issuance protocol. Public verifiable variants and PAT are simply other types. This seems like a clean way to address the extensibility point this WG has been discussing for quite some time now, and I'm hopeful that we can reach consensus on this as the path forward. > I also found a few minor issues after doing an initial read-through of the docs: > > - Section 3 of the HTTP auth doc seems to already be covered in Section > 3.2 of the architecture doc, maybe this could be replaced with a simple > citation? Yep, good catch: https://github.com/tfpauly/privacy-proxy/issues/121 > - This may be a hangover from a previous iteration, but in Section 4.2 > of the architecture doc the advised key rotation period (1-12 weeks) is > not consistent with the table in Section 6 (2-24 weeks). This is indeed hangover from the previous iteration, but we can clean it up here. > I will read the linked drafts over the next few days more thoroughly > and post any additional things that I notice here. Lovely -- thanks! Best, Chris > > Cheers, > Alex > > On Thu, Dec 16, 2021 at 4:41 PM Steven Valdez > <svaldez=40google.com@dmarc.ietf.org> wrote: >> Following up on IETF 112, and discussions about Private Access Tokens (https://www.ietf.org/archive/id/draft-private-access-tokens-00.html) in SECDISPATCH to move it to PRIVACYPASS, the authors have been working on a proposed re-architecture of the PRIVACYPASS documents to support both the existing privately verifiable construction (based on VOPRFs), as well as the publicly verifiable construction (based on RSA Blind Signatures) and the Private Access Tokens design. >> >> Links and a discussion to the proposed drafts are below. Please review them and provide feedback! >> >> Due to the scope of the changes, it might be useful to go over these drafts in a meeting. Chairs, would it be possible to get an interim scheduled in January to discuss these changes? >> >> --- >> >> Current proposed drafts of the documents are: >> >> Architecture: https://ietf-wg-privacypass.github.io/base-drafts/caw/arch-refactor/draft-ietf-privacypass-architecture.html >> HTTP Auth Scheme: https://tfpauly.github.io/privacy-proxy/draft-pauly-privacypass-auth-scheme.html >> PrivacyPass Issuance Protocol: https://ietf-wg-privacypass.github.io/base-drafts/caw/pp-issuance/draft-ietf-privacypass-protocol.html >> Rate-limited Token Issuance Protocol (Private Access Tokens): https://tfpauly.github.io/privacy-proxy/draft-privacypass-rate-limit-tokens.html >> >> The Architecture document provides the shared architecture that different tokens build on top of, generalizing the existing architecture of Issuer, Client, Origin to include an Attester (which is currently implicit in the existing architecture). It defines the purpose and requirements for Privacy pass issuance and redemption. >> >> The HTTP Auth Scheme document is a new document to provide an HTTP authentication scheme for Privacy Pass redemption. This can be used with any issuance protocol. >> >> The Issuance Protocol documents provide the protocol details for each issuance protocol (the PrivacyPass token protocol includes the VOPRF and RSA Blind Signature forms). >> -- >> Privacy-pass mailing list >> Privacy-pass@ietf.org >> https://www.ietf.org/mailman/listinfo/privacy-pass > -- > Privacy-pass mailing list > Privacy-pass@ietf.org > https://www.ietf.org/mailman/listinfo/privacy-pass
- [Privacy-pass] Private Access Tokens and Privacy … Steven Valdez
- Re: [Privacy-pass] Private Access Tokens and Priv… Alex Davidson
- Re: [Privacy-pass] Private Access Tokens and Priv… Christopher Wood