IETF Logo Mail Archive

Re: [Privacy-pass] Issuer directory representation (#369)

Tommy Pauly <tpauly@apple.com> Fri, 16 June 2023 22:12 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 620CFC14CE2B for <privacy-pass@ietfa.amsl.com>; Fri, 16 Jun 2023 15:12:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8ZUkCvv0L71 for <privacy-pass@ietfa.amsl.com>; Fri, 16 Jun 2023 15:12:43 -0700 (PDT)
Received: from ma-mailsvcp-mx-lapp03.apple.com (ma-mailsvcp-mx-lapp03.apple.com [17.32.222.24]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 197F4C14CE3B for <privacy-pass@ietf.org>; Fri, 16 Jun 2023 15:12:43 -0700 (PDT)
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma-mailsvcp-mx-lapp03.apple.com (Oracle Communications Messaging Server 8.1.0.22.20230228 64bit (built Feb 28 2023)) with ESMTPS id <0RWD00OWJ9OX5J10@ma-mailsvcp-mx-lapp03.apple.com> for privacy-pass@ietf.org; Fri, 16 Jun 2023 15:12:42 -0700 (PDT)
X-Proofpoint-ORIG-GUID: wYaLJlYtNC3XE26_Uu7hNG7q12_kKfeU
X-Proofpoint-GUID: wYaLJlYtNC3XE26_Uu7hNG7q12_kKfeU
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.591, 18.0.957 definitions=2023-06-16_14:2023-06-14, 2023-06-16 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 spamscore=0 malwarescore=0 bulkscore=0 adultscore=0 suspectscore=0 phishscore=0 mlxscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000 definitions=main-2306160201
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=AYkjsOyKJbyHDN51T5ejnF7V1zu/ZeyzVyMvoIRYsLo=; b=P2JzUY2+1qAaoRSiOeArns50yffe8v/Mcamq5yf1fV7+IDrvJqhsofoeJbHWhLbmlCMb qy2qRhL8R+I52rBoev3Tlz5R8szXUKpnvKrVvGqSg/u9P3ihuj2aCsdWrVdYMdgyCyet WBlfUVNt8Qgy9WIj3k4E9tDLgIqELvd3T87R4dADPxiXsaPnlCNYBH9mH9Q3C1+QiD7O JoOpFSTw9GSvXdhGjWlIxVw83wCEgDmoF6oVbwdMOKNHime19oSdyHUKiG9hDC0iPbK1 9XP0vxJRnuZTmAEfg4QtfDQR7NEViTN8p4p+f6lDiNgnF/hKu2NFsGIV5BeHWU8zoLcO tQ==
Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.22.20230228 64bit (built Feb 28 2023)) with ESMTPS id <0RWD00KC29P5DQL0@rn-mailsvcp-mta-lapp04.rno.apple.com>; Fri, 16 Jun 2023 15:12:41 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.22.20230228 64bit (built Feb 28 2023)) id <0RWD00S009K99700@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 16 Jun 2023 15:12:41 -0700 (PDT)
X-Va-A:
X-Va-T-CD: c9d324edc716231ddacf479473678aac
X-Va-E-CD: c29734ee15cdc01e7cb901b41f6fe6ac
X-Va-R-CD: 2a172c508489116061067424f24478ab
X-Va-ID: 26aa338f-dde8-4f9b-89ad-12b42c02708b
X-Va-CD: 0
X-V-A:
X-V-T-CD: c9d324edc716231ddacf479473678aac
X-V-E-CD: c29734ee15cdc01e7cb901b41f6fe6ac
X-V-R-CD: 2a172c508489116061067424f24478ab
X-V-ID: 9983686f-616b-4c0f-9e5f-eb4c6b8d4136
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.591, 18.0.957 definitions=2023-06-16_14:2023-06-14, 2023-06-16 signatures=0
Received: from smtpclient.apple ([17.234.62.91]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.22.20230228 64bit (built Feb 28 2023)) with ESMTPSA id <0RWD005IF9P49F00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 16 Jun 2023 15:12:40 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <382108BA-762E-4F5F-A128-3C8682B3F928@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_701A2076-E4DA-46D2-B0BD-34E47B2F1A2A"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3762.100.4.1.11\))
Date: Fri, 16 Jun 2023 15:12:30 -0700
In-reply-to: <CAL12FVHsV5Mx5-6WupjXL9J62-vJ21Qp2Cm7GokDbZCBgGq3Gw@mail.gmail.com>
Cc: Christopher Wood <caw@heapingbits.net>, Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>, privacy-pass@ietf.org
To: Colin Bendell <colin@bendell.ca>
References: <CAL12FVFcKDvqQ359EUVpirKEto7ZQzX6V+xeeB3wixQcVY6f3w@mail.gmail.com> <1C7185E0-3B61-4C66-9992-76A2DF1A0CA1@heapingbits.net> <CAL12FVHsV5Mx5-6WupjXL9J62-vJ21Qp2Cm7GokDbZCBgGq3Gw@mail.gmail.com>
X-Mailer: Apple Mail (2.3762.100.4.1.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/OGysJ8wbSn-T1XV-XVLRBsg2Djc>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2023 22:12:45 -0000


> On Jun 16, 2023, at 11:13 AM, Colin Bendell <colin@bendell.ca> wrote:
> 
> 
> 
> On Fri, 16 Jun 2023 at 13:07, Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net>> wrote:
>> 
>>> On Jun 16, 2023, at 12:58 PM, Colin Bendell <colin@bendell.ca <mailto:colin@bendell.ca>> wrote:
>>> 
>>> 
>>> 
>>> On Thu, 15 Jun 2023 at 19:28, Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net>> wrote:
>>>> To hopefully close the loop in this, I put together this PR that conceptually lifts the concept of key commitments from PSTs into the current Privacy Pass issuer directory:
>>> 
>>> I initiated this thread after contrasting the similar key-sets exposed forPrivacyPass and Private-State-Tokens. As an outsider here, I'd like to see PrivacyPass expand the set of tokens so that PST can remove the definition from the W3C spec and depend exclusively on the PrivacyPass definition. To this end, the issuer directory should also include:
>>> * expiry
>>> * batch-size
>>> * key-id / version
>> 
>> I think expiry information can be inferred from the resource’s cache control directives, 
> 
> I think you missed my comments below. 
> 
> As I said, the http cache-control only describes the document's lifecycle. Two main issues:
> 
> 1. The directory might have a TTL, but that doesn't reflect the specific age of each entry. What TTL should you set for a directory of 100 keys with a rolling 60 day offset for expiration? I think what you are assuming is that the CC should be 60 day and then the expired entry just disappears magically leaving 99? The challenge of course is that this doesn't give any signal to the consumer which key is nearing expiration relative to the other keys.
> 
> 2. The TTL from Cache-Control does not cleanly map to an expiration date/time since you need to depend on other transient details. (This is a classic problem of the interdependence of the Age, Date and Cache-Control headers). For an infrastructure operator, certificates are expected to have a fixed date/time for expiration and when the cert will be removed from rotation. This provides assurances of a token that is issued and when to expect that the token should expire. Just depending on the cert to be 'removed' from the directory is a surprising behavior for certificate change management processes.
> 
> Further, as I mentioned below, in the PST case, the specific expiration of a key is used in the selection process in the client-issuer communication. In PST, the UA uses 6 keys with the longest expiry date. Only tokens issued from this 6 can be added, while previous tokens are permitted. (I'm not sure how strong this argument is, since I'm not sure how much of a priority it is to converge the W3C / IETF variations. As an outsider, it would be nice if these spec's did align. Allowing for these directory attributes would pave a way to simplify the W3C spec. IMHO of course)

A meta-comment here:

There shouldn't be any “variants” between the W3C and IETF — any extensions for the web that W3C does should be built upon Privacy Pass, but not something in contradiction to it. All of these other deployment models (like what is proposed in PST) are just ways to instantiate Privacy Pass, and should align with privacy pass as a standard.

In this case, of course other specs can add recommended keys to add to a JSON dictionary (that can still align), or we could define “not-after” while we’re defining “not-before” and just be done with it.

Tommy

> 
>> and version is implied from the list of keys in the directory. That leaves key ID and batch size. The former is computed directly from the public key, so we don’t need to redundantly include it. The latter could be included as an optional parameter for issuance protocols that want to communicate this hint to the client. That parameter could even be included in the batch token issuance spec (https://datatracker.ietf.org/doc/draft-robert-privacypass-batched-tokens/). 
> 
> Ah! Why not merge the support for batch-tokens into the type=1 definition? I had assumed this was the intention since VOPRF BlindEvaluate function (draft 21) already allows for individual or arrays of elements. The only gap then is the TokenRequest & TokenResponse structs (and possibly adding ristretto255-SHA512 ) This is probably a different conversation though. The cross-over is the necessity to specify the batch-size in the issuer-directory.
>  
>> 
>> So altogether I think we’re covered?
>> 
>> Best,
>> Chris 
>> 
>>> 
>>> Expiration is important for PST because it is used by the UA to select from a set of possible keys. HTTP Cache-Control does not serve the same function as a certificate expiration. The cache-control header reflects the ttl of the directory, but the expiration for each public key. If we were to use HTTP cache policies, all public keys would be treated as if they had the same expiration. 
>>> 
>>> Batch-Size is interesting for VOPRF workflows where the issuance request includes multiple nonces. In this case the compute work for the issue request needs to be known apriori. Can the issuer handle 1 or 10 or 100 token batches?
>>> 
>>> key-id or version is not needed for the protocol, but as a dev ergonomics it is nice to have a common implementation. Is it called 'version' or 'id' or 'key-id'?
>>>  
>>>> I think we can pursue alternative representations separately.
>>> 
>>> Sounds good. 
>>> 
>>> /colin
> -- 
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email