Re: [Privacy-pass] Issuer directory representation (#369)
Colin Bendell <colin@bendell.ca> Fri, 16 June 2023 16:58 UTC
Return-Path: <colin@bendell.ca>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98767C14CEFE for <privacy-pass@ietfa.amsl.com>; Fri, 16 Jun 2023 09:58:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bendell.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gU88DF-7tyz for <privacy-pass@ietfa.amsl.com>; Fri, 16 Jun 2023 09:58:06 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E05AC14CF18 for <privacy-pass@ietf.org>; Fri, 16 Jun 2023 09:58:06 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2b445512846so12944061fa.2 for <privacy-pass@ietf.org>; Fri, 16 Jun 2023 09:58:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bendell.ca; s=google; t=1686934684; x=1689526684; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sGTPmbnoSqlp8uIoYMrrZcrmNLWSyrbOlDp4mpsnTGY=; b=VeTbvZE6qD0d1O1WQeDKJPZ44kNXbb+A4SgQ4emXbvRKoYAuSf9Y5nmBOQaR9Dl75x 98tDoRF/cm5wzvm0qurP3IGrnB0BhlyID5h8FgFNEKtUWCkxG8VuhV6Z4UbxdWWibPG8 dWCN14SYdxnos/gwDacA5kX3qpNK9R++5v6Zk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686934684; x=1689526684; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sGTPmbnoSqlp8uIoYMrrZcrmNLWSyrbOlDp4mpsnTGY=; b=c5VaMCcDKsgn2MHYAjRmqlMLJQm3TixEdgz5rCkAKXO/XDF4MDuzuF3Ui90PiamqIc 8N/WKYB/CuF/+r1ZC9RxLeTXU99cIQalDLRlk5PHDYay3dng8D9/LHFFtIU1uTmZMQ45 M+sIvC9MZ1019s1nA1vjySXZn7zFPza2jRYJsnntS4lpIj+h0Q/SFBFa8eWJ+RYbT9fF lr7mwLyYvnXCBWF2mTlHWxtW4p+luFMyN4NmQdP5L0JxYyi0aehkKuOUMWQBXyJJFYQY Y4mI+dJqYdoiQDAkAmoTadUoCkTy3xbH0hT5amXFfqcUQuovoMuESToQPulAZMYXzrE3 whAA==
X-Gm-Message-State: AC+VfDzWAufvEJfDtETwtiaGNKdGMANtp/x5LGHYruKjveByhNQM8Lpm aP9Lg78VN1Ej6+iSkVeRNzkZVZZfcZq5QornI0EAVw==
X-Google-Smtp-Source: ACHHUZ4VyYA+iT+XDUYetdg8nAOCQ8Kc/cfj2OPnVLb38v0Z8cTP59dFbWLGk/yz0Kv/v42Yrf4idfjNCs4VlXvXSeM=
X-Received: by 2002:a2e:8e8b:0:b0:2b4:58a8:7b31 with SMTP id z11-20020a2e8e8b000000b002b458a87b31mr1679296ljk.19.1686934683858; Fri, 16 Jun 2023 09:58:03 -0700 (PDT)
MIME-Version: 1.0
References: <32407E4B-C75C-454E-AAAF-AE20AD09BFC4@heapingbits.net> <C70A50B4-2D9D-4752-8264-0AC1B4060F46@heapingbits.net>
In-Reply-To: <C70A50B4-2D9D-4752-8264-0AC1B4060F46@heapingbits.net>
From: Colin Bendell <colin@bendell.ca>
Date: Fri, 16 Jun 2023 12:57:52 -0400
Message-ID: <CAL12FVFcKDvqQ359EUVpirKEto7ZQzX6V+xeeB3wixQcVY6f3w@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: Tommy Pauly <tpauly@apple.com>, Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>, privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="00000000000097504105fe421640"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/GT-1swlIK2uBeU2ZRmkzpVjx8xo>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2023 16:58:10 -0000
On Thu, 15 Jun 2023 at 19:28, Christopher Wood <caw@heapingbits.net> wrote: > To hopefully close the loop in this, I put together this PR that > conceptually lifts the concept of key commitments from PSTs into the > current Privacy Pass issuer directory: > I initiated this thread after contrasting the similar key-sets exposed forPrivacyPass and Private-State-Tokens. As an outsider here, I'd like to see PrivacyPass expand the set of tokens so that PST can remove the definition from the W3C spec and depend exclusively on the PrivacyPass definition. To this end, the issuer directory should also include: * expiry * batch-size * key-id / version Expiration is important for PST because it is used by the UA to select from a set of possible keys. HTTP Cache-Control does not serve the same function as a certificate expiration. The cache-control header reflects the ttl of the directory, but the expiration for each public key. If we were to use HTTP cache policies, all public keys would be treated as if they had the same expiration. Batch-Size is interesting for VOPRF workflows where the issuance request includes multiple nonces. In this case the compute work for the issue request needs to be known apriori. Can the issuer handle 1 or 10 or 100 token batches? key-id or version is not needed for the protocol, but as a dev ergonomics it is nice to have a common implementation. Is it called 'version' or 'id' or 'key-id'? > I think we can pursue alternative representations separately. > Sounds good. /colin >
- [Privacy-pass] Issuer directory representation (#… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Eli-Shaoul Khedouri
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Tommy Pauly
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Tommy Pauly
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Tommy Pauly
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Joseph Salowey