Re: [Privacy-pass] Draft on key consistency and discovery

Ben Schwartz <bemasc@google.com> Thu, 25 February 2021 17:02 UTC

References: <92ed42af-2b1b-4974-9be4-4f73a9e0290c@www.fastmail.com>
In-Reply-To: <92ed42af-2b1b-4974-9be4-4f73a9e0290c@www.fastmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 25 Feb 2021 12:01:10 -0500
Message-ID: <CAHbrMsBhKKa6vZpXoqMJgQWv07CC57oV2=zt0om_N57mgr8EVw@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: privacy-pass@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/BkthgangQhJeeYyGBUFd6uBzCGM>
Subject: Re: [Privacy-pass] Draft on key consistency and discovery

Thanks!  Some notes:

>    Privacy-focused protocols which rely on widely shared public keys
>   typically require keys be consistent and correct.

Is TLS not a privacy-focused protocol?  I guess not by this definition.  A
"terms" section could help.

>   *  Presenting a signed assertion from a trusted entity that the key
>      is correct.

Do you mean "the key is universal/consistent"?

>   *  Presenting proof that the key is present in some tamper-proof log,
>      similar to Certificate Transparency ([RFC6962]) logs.

Do you mean that the log would apply some policy to prevent large numbers
of keys (prevention)?  Or that an external auditor could use the log to
accuse the server of a policy violation (deterrence)?

>   *  The proxy can give all users a key owned by the proxy, and either
>      collude with the server to use this key or retroactively use this
>      key to compromise user privacy when users later make use of the
>      key.

The latter vulnerability seems easily avoided, no?  If the server has a
domain name, for example, it can easily sign its current "universal key"
with a public key that is tied to the name (e.g. a DV X.509 certificate).

For Privacy Pass, at least, there is potentially a presumption that the
user has access to the network in a way that hides their identity and does
not collude with the target.  This might mean that the user's DNS resolver
is presumed to be trusted.  In that model, the resolver could act like a
trusted proxy (Section 4.2).

On Mon, Feb 22, 2021 at 6:13 PM Christopher Wood <caw@heapingbits.net>
wrote:

> A few of us put together a draft describing various requirements and
> possible solutions for key consistency and discovery:
>
>    https://datatracker.ietf.org/doc/draft-wood-key-consistency/
>
> The result may be of interest to folks in this WG. If there is room on the
> agenda for a discussion around this topic, especially as it pertains to
> Privacy Pass, I would be happy to present it during the upcoming IETF 110
> meeting.
>
> Best,
> Chris
>
> --
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass
>
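Ben's suggestion above, that a server with a domain name sign its current "universal key" with a key tied to that name, is sketched here as an added example; it is not code from the draft or from anyone in the thread. It assumes an Ed25519 identity key standing in for the DV-certificate key, a hypothetical attestation format (label, epoch, raw universal key), and a client that already trusts the identity key for the server's name. It shows the honest relay verifying and two proxy substitutions (swapping the key under the server's signature, and re-signing a proxy key with a proxy-controlled key) being rejected. What a signature alone does not show is consistency across users, since the identity key could sign a different key for each user; that is what the draft's trusted-entity and log options are aimed at.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Attestation is an assumed (hypothetical) format for the statement
// "this is my universal key for epoch E", signed by the server's
// name-bound identity key. In the message above that key would be the
// one in a DV X.509 certificate; an Ed25519 key stands in for it here.
type Attestation struct {
	Epoch        uint64
	UniversalKey []byte // the key every user is supposed to receive
	Signature    []byte // Ed25519 signature by the server's identity key
}

// Assumed domain-separation label so this signature cannot be confused
// with any other signature the identity key produces.
const attestationLabel = "key-consistency-attestation-v0"

// attestationMessage fixes the signed byte string: label, NUL,
// big-endian epoch, then the raw universal key.
func attestationMessage(epoch uint64, key []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(attestationLabel)
	buf.WriteByte(0)
	var e [8]byte
	binary.BigEndian.PutUint64(e[:], epoch)
	buf.Write(e[:])
	buf.Write(key)
	return buf.Bytes()
}

// Server owns a long-lived identity key (stand-in for the certificate
// key) and a universal key that rotates per epoch.
type Server struct {
	IdentityPub  ed25519.PublicKey
	identityPriv ed25519.PrivateKey
	epoch        uint64
	universalPub []byte
}

func NewServer(epoch uint64, universalPub []byte) (*Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Server{IdentityPub: pub, identityPriv: priv, epoch: epoch, universalPub: universalPub}, nil
}

// Attest signs the current universal key for the current epoch.
func (s *Server) Attest() Attestation {
	msg := attestationMessage(s.epoch, s.universalPub)
	return Attestation{Epoch: s.epoch, UniversalKey: s.universalPub, Signature: ed25519.Sign(s.identityPriv, msg)}
}

// VerifyAttestation is the client-side check on whatever the proxy handed
// over. identityPub is the key the client already trusts for the server's
// name; wantEpoch rejects stale attestations replayed from an older epoch.
func VerifyAttestation(identityPub ed25519.PublicKey, a Attestation, wantEpoch uint64) error {
	if a.Epoch != wantEpoch {
		return errors.New("attestation is for a different epoch (stale or replayed)")
	}
	if len(a.UniversalKey) == 0 {
		return errors.New("attestation carries no key")
	}
	if !ed25519.Verify(identityPub, attestationMessage(a.Epoch, a.UniversalKey), a.Signature) {
		return errors.New("signature does not verify under the server's identity key")
	}
	return nil
}

// Scenario runs the honest relay and the two ways a proxy could try to hand
// users a proxy-owned key. Only the honest path should return nil.
func Scenario() (honest, swapped, resigned error) {
	const epoch = 7
	// Constructed universal key: 32 bytes standing in for whatever key type
	// the protocol actually uses.
	universal := make([]byte, 32)
	for i := range universal {
		universal[i] = byte(i)
	}
	srv, err := NewServer(epoch, universal)
	if err != nil {
		return err, err, err
	}
	att := srv.Attest()
	honest = VerifyAttestation(srv.IdentityPub, att, epoch)

	// Attack 1: proxy keeps the server's signature but swaps in its own key.
	proxyKey := bytes.Repeat([]byte{0xAB}, 32)
	tampered := att
	tampered.UniversalKey = proxyKey
	swapped = VerifyAttestation(srv.IdentityPub, tampered, epoch)

	// Attack 2: proxy signs its own key with a key it controls; the client
	// still verifies under the name-bound server key, so this fails too.
	_, proxyPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := Attestation{Epoch: epoch, UniversalKey: proxyKey,
		Signature: ed25519.Sign(proxyPriv, attestationMessage(epoch, proxyKey))}
	resigned = VerifyAttestation(srv.IdentityPub, forged, epoch)
	return honest, swapped, resigned
}

func main() {
	h, s, r := Scenario()
	fmt.Println("honest relay:", h)
	fmt.Println("key swapped under server signature:", s)
	fmt.Println("proxy-signed key:", r)
}
```

The epoch in the signed message is what stops a proxy from later replaying an attestation for a key it has since learned to abuse; without it, any signature the server ever issued would stay valid forever.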